Fix typos and add missing lines in Makefile.

PR: 1089

CHANGES

@@ -4,6 +4,17 @@
 
  Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
 
+  *) Minimal support for X9.31 signatures and PSS padding modes. This is
+     mainly for FIPS compliance and not fully integrated at this stage.
+     [Steve Henson]
+
+  *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+     the exponentiation using a fixed-length exponent.  (Otherwise,
+     the information leaked through timing could expose the secret key
+     after many signatures; cf. Bleichenbacher's attack on DSA with
+     biased k.)
+     [Bodo Moeller]
+
   *) Make a new fixed-window mod_exp implementation the default for
      RSA, DSA, and DH private-key operations so that the sequence of
      squares and multiplies and the memory access pattern are

Configure

@@ -1151,7 +1151,7 @@ if (!$no_shared)
 	{
 	if ($shared_cflag ne "")
 		{
-		$cflags = "$shared_cflag $cflags";
+		$cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
 		}
 	}
 

Makefile.org

@@ -187,7 +187,7 @@ SDIRS=  objects \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 
-FDIRS=	sha1 rand des aes dsa rsa dh hmac
+FDIRS=	sha rand des aes dsa rsa dh hmac
 
 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
@@ -230,7 +230,7 @@ sigs:	$(SIGS)
 libcrypto.a.sha1: libcrypto.a
 	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		$(RANLIB) libcrypto.a; \
-		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
+		fips/sha/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
 	fi
 
 sub_all:
@@ -258,6 +258,9 @@ sub_target:
 libcrypto$(SHLIB_EXT): libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		$(MAKE) SHLIBDIRS=crypto build-shared; \
+        	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+                    fips/sha/fips_standalone_sha1 -binary $@ > $@.$${HMAC_EXT:-sha1}; \
+		fi; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi

PROBLEMS

@@ -48,20 +48,28 @@ will interfere with each other and lead to test failure.
 The solution is simple for now: don't run parallell make when testing.
 
 
-* Bugs in gcc 3.0 triggered
+* Bugs in gcc triggered
 
-According to a problem report, there are bugs in gcc 3.0 that are
-triggered by some of the code in OpenSSL, more specifically in
-PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
+- According to a problem report, there are bugs in gcc 3.0 that are
+  triggered by some of the code in OpenSSL, more specifically in
+  PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
 
 	header+=11;
 	if (*header != '4') return(0); header++;
 	if (*header != ',') return(0); header++;
 
-What happens is that gcc might optimize a little too agressively, and
-you end up with an extra incrementation when *header != '4'.
+  What happens is that gcc might optimize a little too agressively, and
+  you end up with an extra incrementation when *header != '4'.
 
-We recommend that you upgrade gcc to as high a 3.x version as you can.
+  We recommend that you upgrade gcc to as high a 3.x version as you can.
+
+- According to multiple problem reports, some of our message digest
+  implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
+  and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
+  latter - SHA one.
+
+  The recomendation is to upgrade your compiler. This naturally applies to
+  other similar cases.
 
 * solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
 
@@ -120,3 +128,37 @@ Any information helping to solve this issue would be deeply
 appreciated.
 
 NOTE: building non-shared doesn't come with this problem.
+
+* ULTRIX build fails with shell errors, such as "bad substitution"
+  and "test: argument expected"
+
+The problem is caused by ULTRIX /bin/sh supporting only original
+Bourne shell syntax/semantics, and the trouble is that the vast
+majority is so accustomed to more modern syntax, that very few
+people [if any] would recognize the ancient syntax even as valid.
+This inevitably results in non-trivial scripts breaking on ULTRIX,
+and OpenSSL isn't an exclusion. Fortunately there is workaround,
+hire /bin/ksh to do the job /bin/sh fails to do.
+
+1. Trick make(1) to use /bin/ksh by setting up following environ-
+   ment variables *prior* you execute ./Configure and make:
+
+	PROG_ENV=POSIX
+	MAKESHELL=/bin/ksh
+	export PROG_ENV MAKESHELL
+
+   or if your shell is csh-compatible:
+
+	setenv PROG_ENV POSIX
+	setenv MAKESHELL /bin/ksh
+
+2. Trick /bin/sh to use alternative expression evaluator. Create
+   following 'test' script for example in /tmp:
+
+	#!/bin/ksh
+	${0##*/} "$@"
+
+   Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
+   your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
+   natively just replace system /bin/test and /bin/[ with the
+   above script.

apps/genrsa.c

@@ -88,6 +88,9 @@ int MAIN(int argc, char **argv)
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
 	long l;
+#ifdef OPENSSL_FIPS
+	int use_x931 = 0;
+#endif
 	const EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
@@ -126,6 +129,10 @@ int MAIN(int argc, char **argv)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
+#ifdef OPENSSL_FIPS
+		else if (strcmp(*argv,"-x931") == 0)
+			use_x931 = 1;
+#endif
 #ifndef OPENSSL_NO_ENGINE
 		else if (strcmp(*argv,"-engine") == 0)
 			{
@@ -233,11 +240,27 @@ bad:
 
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
+#ifdef OPENSSL_FIPS
+	if (use_x931)
+		{
+		BIGNUM *pubexp;
+		pubexp = BN_new();
+		BN_set_word(pubexp, f4);
+		rsa = RSA_X931_generate_key(num, pubexp, genrsa_cb, bio_err);
+		BN_free(pubexp);
+		}
+	else
+#endif
+		rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
 		
 	app_RAND_write_file(NULL, bio_err);
 
-	if (rsa == NULL) goto err;
+	if (rsa == NULL)
+		{
+		BIO_printf(bio_err, "Key Generation error\n");
+
+		goto err;
+		}
 	
 	/* We need to do the following for when the base number size is <
 	 * long, esp windows 3.1 :-(. */

apps/makeapps.com

@@ -650,7 +650,7 @@ $ CCDEFS = "MONOLITH"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!

apps/rsautl.c

@@ -3,7 +3,7 @@
  * project 2000.
  */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -147,6 +147,7 @@ int MAIN(int argc, char **argv)
 		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
 		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
 		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
+		else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
 		else if(!strcmp(*argv, "-sign")) {
 			rsa_mode = RSA_SIGN;
 			need_priv = 1;

crypto/bn/Makefile

@@ -31,12 +31,12 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
 	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
 	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
-	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
+	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_x931p.c
 
 LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
 	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
 	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
-	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
+	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_x931p.o
 
 SRC= $(LIBSRC)
 

crypto/bn/bn.h

@@ -231,6 +231,8 @@ extern "C" {
 #define BN_set_flags(b,n)	((b)->flags|=(n))
 #define BN_get_flags(b,n)	((b)->flags&(n))
 
+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
 #define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
                                   (dest)->top=(b)->top, \
                                   (dest)->dmax=(b)->dmax, \
@@ -436,6 +438,19 @@ int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
 	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
 	int do_trial_division);
 
+#ifdef OPENSSL_FIPS
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+			const BIGNUM *e, BN_CTX *ctx);
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+			BIGNUM *Xp1, BIGNUM *Xp2,
+			const BIGNUM *Xp,
+			const BIGNUM *e, BN_CTX *ctx,
+			void (*cb)(int, int, void *), void *cb_arg);
+#endif
+
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,

crypto/bn/bn_asm.c

@@ -237,7 +237,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 	if (d == 0) return(BN_MASK2);
 
 	i=BN_num_bits_word(d);
-	assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+	assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
 
 	i=BN_BITS2-i;
 	if (h >= d) h-=d;

crypto/bn/bn_x931p.c

@@ -0,0 +1,282 @@
+/* bn_x931p.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+/* X9.31 routines for prime derivation */
+
+
+/* X9.31 prime derivation. This is used to generate the primes pi
+ * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
+ * integers.
+ */
+
+static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+			void (*cb)(int, int, void *), void *cb_arg)
+	{
+	int i = 0;
+	if (!BN_copy(pi, Xpi))
+		return 0;
+	if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+		return 0;
+	for(;;)
+		{
+		i++;
+		if (cb)
+			cb(0, i, cb_arg);
+		/* NB 27 MR is specificed in X9.31 */
+		if (BN_is_prime_fasttest(pi, 27, cb, ctx, cb_arg, 1))
+			break;
+		if (!BN_add_word(pi, 2))
+			return 0;
+		}
+	if (cb)
+		cb(2, i, cb_arg);
+	return 1;
+	}
+
+/* This is the main X9.31 prime derivation function. From parameters
+ * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
+ * not NULL they will be returned too: this is needed for testing.
+ */
+
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+			const BIGNUM *e, BN_CTX *ctx)
+	{
+	int ret = 0;
+
+	BIGNUM *t, *p1p2, *pm1;
+
+	/* Only even e supported */
+	if (!BN_is_odd(e))
+		return 0;
+
+	BN_CTX_start(ctx);
+	if (!p1)
+		p1 = BN_CTX_get(ctx);
+
+	if (!p2)
+		p2 = BN_CTX_get(ctx);
+
+	t = BN_CTX_get(ctx);
+
+	p1p2 = BN_CTX_get(ctx);
+
+	pm1 = BN_CTX_get(ctx);
+
+	if (!bn_x931_derive_pi(p1, Xp1, ctx, cb, cb_arg))
+		goto err;
+
+	if (!bn_x931_derive_pi(p2, Xp2, ctx, cb, cb_arg))
+		goto err;
+
+	if (!BN_mul(p1p2, p1, p2, ctx))
+		goto err;
+
+	/* First set p to value of Rp */
+
+	if (!BN_mod_inverse(p, p2, p1, ctx))
+		goto err;
+
+	if (!BN_mul(p, p, p2, ctx))
+		goto err;
+
+	if (!BN_mod_inverse(t, p1, p2, ctx))
+		goto err;
+
+	if (!BN_mul(t, t, p1, ctx))
+		goto err;
+
+	if (!BN_sub(p, p, t))
+		goto err;
+
+	if (p->neg && !BN_add(p, p, p1p2))
+		goto err;
+
+	/* p now equals Rp */
+
+	if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
+		goto err;
+
+	if (!BN_add(p, p, Xp))
+		goto err;
+
+	/* p now equals Yp0 */
+
+	for (;;)
+		{
+		int i = 1;
+		if (cb)
+			cb(0, i++, cb_arg);
+		if (!BN_copy(pm1, p))
+			goto err;
+		if (!BN_sub_word(pm1, 1))
+			goto err;
+		if (!BN_gcd(t, pm1, e, ctx))
+			goto err;
+		if (BN_is_one(t)
+		/* X9.31 specifies 8 MR and 1 Lucas test or any prime test
+		 * offering similar or better guarantees 50 MR is considerably 
+		 * better.
+		 */
+			&& BN_is_prime_fasttest(p, 50, cb, ctx, cb_arg, 1))
+			break;
+		if (!BN_add(p, p, p1p2))
+			goto err;
+		}
+
+	if (cb)
+		cb(3, 0, cb_arg);
+
+	ret = 1;
+
+	err:
+
+	BN_CTX_end(ctx);
+
+	return ret;
+	}
+
+/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
+ * Note: nbits paramter is sum of number of bits in both.
+ */
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+	{
+	BIGNUM *t;
+	int i;
+	/* Number of bits for each prime is of the form
+	 * 512+128s for s = 0, 1, ...
+	 */
+	if ((nbits < 1024) || (nbits & 0xff))
+		return 0;
+	nbits >>= 1;
+	/* The random value Xp must be between sqrt(2) * 2^(nbits-1) and
+	 * 2^nbits - 1. By setting the top two bits we ensure that the lower
+	 * bound is exceeded.
+	 */
+	if (!BN_rand(Xp, nbits, 1, 0))
+		return 0;
+
+	BN_CTX_start(ctx);
+	t = BN_CTX_get(ctx);
+
+	for (i = 0; i < 1000; i++)
+		{
+		if (!BN_rand(Xq, nbits, 1, 0))
+			return 0;
+		/* Check that |Xp - Xq| > 2^(nbits - 100) */
+		BN_sub(t, Xp, Xq);
+		if (BN_num_bits(t) > (nbits - 100))
+			break;
+		}
+
+	BN_CTX_end(ctx);
+
+	if (i < 1000)
+		return 1;
+
+	return 0;
+
+	}
+
+/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
+ * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
+ * the relevant parameter will be stored in it.
+ *
+ * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq
+ * are generated using the previous function and supplied as input.
+ */
+
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+			BIGNUM *Xp1, BIGNUM *Xp2,
+			const BIGNUM *Xp,
+			const BIGNUM *e, BN_CTX *ctx,
+			void (*cb)(int, int, void *), void *cb_arg)
+	{
+	int ret = 0;
+
+	BN_CTX_start(ctx);
+	if (!Xp1)
+		Xp1 = BN_CTX_get(ctx);
+	if (!Xp2)
+		Xp2 = BN_CTX_get(ctx);
+
+	if (!BN_rand(Xp1, 101, 0, 0))
+		goto error;
+	if (!BN_rand(Xp2, 101, 0, 0))
+		goto error;
+	if (!BN_X931_derive_prime(p, p1, p2, cb, cb_arg,
+						Xp, Xp1, Xp2, e, ctx))
+		goto error;
+
+	ret = 1;
+
+	error:
+	BN_CTX_end(ctx);
+
+	return ret;
+
+	}
+
+#endif

crypto/crypto-lib.com

@@ -184,10 +184,10 @@ $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
 $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
 	"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
 	"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
-	"bn_recp,bn_mont,bn_mpi,bn_exp2"
+	"bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p"
 $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
 	"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
-	"rsa_asn1"
+	"rsa_pss,rsa_x931,rsa_asn1"
 $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
 	"ec_err"
 $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
@@ -960,7 +960,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!

crypto/dh/dh_key.c

@@ -150,6 +150,7 @@ static int generate_key(DH *dh)
 
 		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}

crypto/dsa/dsa_key.c

@@ -97,6 +97,7 @@ int DSA_generate_key(DSA *dsa)
 
 		if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}

crypto/dsa/dsa_ossl.c

@@ -172,7 +172,7 @@ err:
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
 	BN_CTX *ctx;
-	BIGNUM k,*kinv=NULL,*r=NULL;
+	BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
 	int ret=0;
 
 	if (!dsa->p || !dsa->q || !dsa->g)
@@ -182,6 +182,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 
 	BN_init(&k);
+	BN_init(&kq);
 
 	if (ctx_in == NULL)
 		{
@@ -191,7 +192,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		ctx=ctx_in;
 
 	if ((r=BN_new()) == NULL) goto err;
-	kinv=NULL;
 
 	/* Get random k */
 	do
@@ -211,7 +211,30 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 
 	/* Compute r = (g^k mod p) mod q */
-	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+
+	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+		{
+		if (!BN_copy(&kq, &k)) goto err;
+
+		/* We do not want timing information to leak the length of k,
+		 * so we compute g^k using an equivalent exponent of fixed length.
+		 *
+		 * (This is a kludge that we need because the BN_mod_exp_mont()
+		 * does not let us specify the desired timing behaviour.) */
+
+		if (!BN_add(&kq, &kq, dsa->q)) goto err;
+		if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+			{
+			if (!BN_add(&kq, &kq, dsa->q)) goto err;
+			}
+
+		K = &kq;
+		}
+	else
+		{
+		K = &k;
+		}
+	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
@@ -234,6 +257,7 @@ err:
 	if (ctx_in == NULL) BN_CTX_free(ctx);
 	if (kinv != NULL) BN_clear_free(kinv);
 	BN_clear_free(&k);
+	BN_clear_free(&kq);
 	return(ret);
 	}
 

crypto/dso/dso_dl.c

@@ -281,4 +281,32 @@ static char *dl_name_converter(DSO *dso, const char *filename)
 	return(translated);
 	}
 
+#ifdef OPENSSL_FIPS
+static void dl_ref_point(){}
+
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+	{
+	struct shl_descriptor inf;
+	int i,len;
+
+	if (addr == NULL) addr = dl_ref_point;
+
+	for (i=-1;shl_get_r(i,&inf)==0;i++)
+		{
+		if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+		    ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
+			{
+			len = (int)strlen(inf.filename);
+			if (sz <= 0) return len+1;
+			if (len >= sz) len=sz-1;
+			memcpy(path,inf.filename,len);
+			path[len++] = 0;
+			return len;
+			}
+		}
+
+	return -1;
+	}
+#endif
+
 #endif /* DSO_DL */

crypto/dso/dso_dlfcn.c

@@ -56,6 +56,10 @@
  *
  */
 
+#ifdef __linux
+#define _GNU_SOURCE
+#endif
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/dso.h>
@@ -290,4 +294,28 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
 	return(translated);
 	}
 
+#ifdef OPENSSL_FIPS
+static void dlfcn_ref_point(){}
+
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+	{
+	Dl_info dli;
+	int len;
+
+	if (addr == NULL) addr = dlfcn_ref_point;
+
+	if (dladdr(addr,&dli))
+		{
+		len = (int)strlen(dli.dli_fname);
+		if (sz <= 0) return len+1;
+		if (len >= sz) len=sz-1;
+		memcpy(path,dli.dli_fname,len);
+		path[len++]=0;
+		return len;
+		}
+
+	ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
+	return -1;
+	}
+#endif
 #endif /* DSO_DLFCN */

crypto/rsa/Makefile

@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
 	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
-	rsa_asn1.c
+	rsa_pss.c rsa_x931.c rsa_asn1.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
 	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
-	rsa_asn1.o
+	rsa_pss.o rsa_x931.o rsa_asn1.o
 
 SRC= $(LIBSRC)
 
@@ -184,6 +184,26 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pss.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_pss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_pss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_pss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_pss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_pss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_pss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_pss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_pss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_pss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_pss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_pss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rsa_pss.o: ../../include/openssl/ui_compat.h ../cryptlib.h rsa_pss.c
 rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
 rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
@@ -237,3 +257,13 @@ rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
+rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c

crypto/rsa/rsa.h

@@ -191,6 +191,7 @@ struct rsa_st
 #define RSA_SSLV23_PADDING	2
 #define RSA_NO_PADDING		3
 #define RSA_PKCS1_OAEP_PADDING	4
+#define RSA_X931_PADDING	5
 
 #define RSA_PKCS1_PADDING_SIZE	11
 
@@ -203,6 +204,15 @@ int	RSA_size(const RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
 		(*callback)(int,int,void *),void *cb_arg);
 int	RSA_check_key(const RSA *);
+#ifdef OPENSSL_FIPS
+int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+			const BIGNUM *e);
+RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
+	     void (*cb)(int,int,void *), void *cb_arg);
+#endif
 	/* next 4 return -1 on error */
 int	RSA_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
@@ -275,6 +285,8 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
 	const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
 	const unsigned char *f,int fl,int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len,
+	const unsigned char *seed, long seedlen, const EVP_MD *dgst);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
 	const unsigned char *f,int fl,
 	const unsigned char *p,int pl);
@@ -289,6 +301,17 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
 	const unsigned char *f,int fl);
 int RSA_padding_check_none(unsigned char *to,int tlen,
 	const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_X931(unsigned char *to,int tlen,
+	const unsigned char *f,int fl);
+int RSA_padding_check_X931(unsigned char *to,int tlen,
+	const unsigned char *f,int fl,int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+			const EVP_MD *Hash, const unsigned char *EM, int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+			const unsigned char *mHash,
+			const EVP_MD *Hash, int sLen);
 
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -318,20 +341,24 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_NULL					 124
 #define RSA_F_RSA_PADDING_ADD_NONE			 107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS			 125
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109
 #define RSA_F_RSA_PADDING_ADD_SSLV23			 110
+#define RSA_F_RSA_PADDING_ADD_X931			 127
 #define RSA_F_RSA_PADDING_CHECK_NONE			 111
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP		 122
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113
 #define RSA_F_RSA_PADDING_CHECK_SSLV23			 114
+#define RSA_F_RSA_PADDING_CHECK_X931			 128
 #define RSA_F_RSA_PRINT					 115
 #define RSA_F_RSA_PRINT_FP				 116
 #define RSA_F_RSA_SIGN					 117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118
 #define RSA_F_RSA_VERIFY				 119
 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 120
+#define RSA_F_RSA_VERIFY_PKCS1_PSS			 126
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH			 100
@@ -351,12 +378,18 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
+#define RSA_R_FIRST_OCTET_INVALID			 133
+#define RSA_R_INVALID_HEADER				 137
 #define RSA_R_INVALID_MESSAGE_LENGTH			 131
+#define RSA_R_INVALID_PADDING				 138
+#define RSA_R_INVALID_TRAILER				 139
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
 #define RSA_R_KEY_SIZE_TOO_SMALL			 120
+#define RSA_R_LAST_OCTET_INVALID			 134
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
 #define RSA_R_OAEP_DECODING_ERROR			 121
+#define RSA_R_SLEN_RECOVERY_FAILED			 135
 #define RSA_R_PADDING_CHECK_FAILED			 114
 #define RSA_R_P_NOT_PRIME				 128
 #define RSA_R_Q_NOT_PRIME				 129
@@ -366,6 +399,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
 #define RSA_R_UNKNOWN_PADDING_TYPE			 118
 #define RSA_R_WRONG_SIGNATURE_LENGTH			 119
+#define RSA_R_SLEN_CHECK_FAILED				 136
 
 #ifdef  __cplusplus
 }

crypto/rsa/rsa_eay.c

@@ -285,7 +285,7 @@ err:
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
-	BIGNUM f,ret;
+	BIGNUM f,ret, *res;
 	int i,j,k,num=0,r= -1;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
@@ -377,6 +377,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		
 		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
 			{
+			BN_init(&local_d);
 			d = &local_d;
 			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
 			}
@@ -388,10 +389,21 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 	if (blinding)
 		if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
 
+	if (padding == RSA_X931_PADDING)
+		{
+		BN_sub(&f, rsa->n, &ret);
+		if (BN_cmp(&ret, &f))
+			res = &f;
+		else
+			res = &ret;
+		}
+	else
+		res = &ret;
+
 	/* put in leading 0 bytes if the number is less than the
 	 * length of the modulus */
-	j=BN_num_bytes(&ret);
-	i=BN_bn2bin(&ret,&(to[num-j]));
+	j=BN_num_bytes(res);
+	i=BN_bn2bin(res,&(to[num-j]));
 	for (k=0; k<(num-i); k++)
 		to[k]=0;
 
@@ -605,6 +617,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
 		rsa->_method_mod_n)) goto err;
 
+	if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
+		BN_sub(&ret, rsa->n, &ret);
+
 	p=buf;
 	i=BN_bn2bin(&ret,p);
 

crypto/rsa/rsa_err.c

@@ -81,20 +81,24 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_NULL),	"RSA_NULL"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),	"RSA_padding_add_none"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),	"RSA_padding_add_PKCS1_OAEP"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),	"RSA_padding_add_PKCS1_PSS"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),	"RSA_padding_add_PKCS1_type_1"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),	"RSA_padding_add_PKCS1_type_2"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),	"RSA_padding_add_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),	"RSA_padding_add_X931"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),	"RSA_padding_check_none"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),	"RSA_padding_check_PKCS1_OAEP"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),	"RSA_padding_check_PKCS1_type_1"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),	"RSA_padding_check_PKCS1_type_2"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),	"RSA_padding_check_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),	"RSA_padding_check_X931"},
 {ERR_FUNC(RSA_F_RSA_PRINT),	"RSA_print"},
 {ERR_FUNC(RSA_F_RSA_PRINT_FP),	"RSA_print_fp"},
 {ERR_FUNC(RSA_F_RSA_SIGN),	"RSA_sign"},
 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),	"RSA_sign_ASN1_OCTET_STRING"},
 {ERR_FUNC(RSA_F_RSA_VERIFY),	"RSA_verify"},
 {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),	"RSA_verify_ASN1_OCTET_STRING"},
+{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),	"RSA_verify_PKCS1_PSS"},
 {0,NULL}
 	};
 
@@ -117,12 +121,18 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
 {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
 {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
+{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
+{ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
 {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
+{ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
+{ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
 {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
 {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
+{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
 {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
 {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
+{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
 {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
@@ -132,6 +142,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
 {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
 {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
+{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
 {0,NULL}
 	};
 

crypto/rsa/rsa_oaep.c

@@ -28,9 +28,6 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-int MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen);
-
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 	const unsigned char *from, int flen,
 	const unsigned char *param, int plen)
@@ -76,11 +73,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 	   20);
 #endif
 
-	MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+	PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH,
+								EVP_sha1());
 	for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
 		db[i] ^= dbmask[i];
 
-	MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+	PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH,
+								EVP_sha1());
 	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
 		seed[i] ^= seedmask[i];
 
@@ -126,11 +125,11 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 		return -1;
 		}
 
-	MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+	PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1());
 	for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
 		seed[i] ^= from[i - lzero];
   
-	MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+	PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1());
 	for (i = 0; i < dblen; i++)
 		db[i] ^= maskeddb[i];
 
@@ -170,28 +169,30 @@ decoding_err:
 	return -1;
 	}
 
-int MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen)
+int PKCS1_MGF1(unsigned char *mask, long len,
+	const unsigned char *seed, long seedlen, const EVP_MD *dgst)
 	{
 	long i, outlen = 0;
 	unsigned char cnt[4];
 	EVP_MD_CTX c;
-	unsigned char md[SHA_DIGEST_LENGTH];
+	unsigned char md[EVP_MAX_MD_SIZE];
+	int mdlen;
 
 	EVP_MD_CTX_init(&c);
+	mdlen = EVP_MD_size(dgst);
 	for (i = 0; outlen < len; i++)
 		{
 		cnt[0] = (unsigned char)((i >> 24) & 255);
 		cnt[1] = (unsigned char)((i >> 16) & 255);
 		cnt[2] = (unsigned char)((i >> 8)) & 255;
 		cnt[3] = (unsigned char)(i & 255);
-		EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+		EVP_DigestInit_ex(&c,dgst, NULL);
 		EVP_DigestUpdate(&c, seed, seedlen);
 		EVP_DigestUpdate(&c, cnt, 4);
-		if (outlen + SHA_DIGEST_LENGTH <= len)
+		if (outlen + mdlen <= len)
 			{
 			EVP_DigestFinal_ex(&c, mask + outlen, NULL);
-			outlen += SHA_DIGEST_LENGTH;
+			outlen += mdlen;
 			}
 		else
 			{
@@ -203,4 +204,9 @@ int MGF1(unsigned char *mask, long len,
 	EVP_MD_CTX_cleanup(&c);
 	return 0;
 	}
+
+int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+	{
+	return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
+	}
 #endif

crypto/rsa/rsa_pss.c

@@ -0,0 +1,261 @@
+/* rsa_pss.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+const static unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+			const EVP_MD *Hash, const unsigned char *EM, int sLen)
+	{
+	int i;
+	int ret = 0;
+	int hLen, maskedDBLen, MSBits, emLen;
+	const unsigned char *H;
+	unsigned char *DB = NULL;
+	EVP_MD_CTX ctx;
+	unsigned char H_[EVP_MAX_MD_SIZE];
+
+	hLen = EVP_MD_size(Hash);
+	/*
+	 * Negative sLen has special meanings:
+	 *	-1	sLen == hLen
+	 *	-2	salt length is autorecovered from signature
+	 *	-N	reserved
+	 */
+	if      (sLen == -1)	sLen = hLen;
+	else if (sLen == -2)	sLen = -2;
+	else if (sLen < -2)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+		goto err;
+		}
+
+	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+	emLen = RSA_size(rsa);
+	if (EM[0] & (0xFF << MSBits))
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
+		goto err;
+		}
+	if (MSBits == 0)
+		{
+		EM++;
+		emLen--;
+		}
+	if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
+		goto err;
+		}
+	if (EM[emLen - 1] != 0xbc)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
+		goto err;
+		}
+	maskedDBLen = emLen - hLen - 1;
+	H = EM + maskedDBLen;
+	DB = OPENSSL_malloc(maskedDBLen);
+	if (!DB)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
+	for (i = 0; i < maskedDBLen; i++)
+		DB[i] ^= EM[i];
+	if (MSBits)
+		DB[0] &= 0xFF >> (8 - MSBits);
+	for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
+	if (DB[i++] != 0x1)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
+		goto err;
+		}
+	if (sLen >= 0 && (maskedDBLen - i) != sLen)
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+		goto err;
+		}
+	EVP_MD_CTX_init(&ctx);
+	EVP_DigestInit_ex(&ctx, Hash, NULL);
+	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+	EVP_DigestUpdate(&ctx, mHash, hLen);
+	if (maskedDBLen - i)
+		EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
+	EVP_DigestFinal(&ctx, H_, NULL);
+	EVP_MD_CTX_cleanup(&ctx);
+	if (memcmp(H_, H, hLen))
+		{
+		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
+		ret = 0;
+		}
+	else 
+		ret = 1;
+
+	err:
+	if (DB)
+		OPENSSL_free(DB);
+
+	return ret;
+
+	}
+
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+			const unsigned char *mHash,
+			const EVP_MD *Hash, int sLen)
+	{
+	int i;
+	int ret = 0;
+	int hLen, maskedDBLen, MSBits, emLen;
+	unsigned char *H, *salt = NULL, *p;
+	EVP_MD_CTX ctx;
+
+	hLen = EVP_MD_size(Hash);
+	/*
+	 * Negative sLen has special meanings:
+	 *	-1	sLen == hLen
+	 *	-2	salt length is maximized
+	 *	-N	reserved
+	 */
+	if      (sLen == -1)	sLen = hLen;
+	else if (sLen == -2)	sLen = -2;
+	else if (sLen < -2)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+		goto err;
+		}
+
+	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+	emLen = RSA_size(rsa);
+	if (MSBits == 0)
+		{
+		*EM++ = 0;
+		emLen--;
+		}
+	if (sLen == -2)
+		{
+		sLen = emLen - hLen - 2;
+		}
+	else if (emLen < (hLen + sLen + 2))
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
+		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		goto err;
+		}
+	if (sLen > 0)
+		{
+		salt = OPENSSL_malloc(sLen);
+		if (!salt)
+			{
+			RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
+		   		ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		if (!RAND_bytes(salt, sLen))
+			goto err;
+		}
+	maskedDBLen = emLen - hLen - 1;
+	H = EM + maskedDBLen;
+	EVP_MD_CTX_init(&ctx);
+	EVP_DigestInit_ex(&ctx, Hash, NULL);
+	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+	EVP_DigestUpdate(&ctx, mHash, hLen);
+	if (sLen)
+		EVP_DigestUpdate(&ctx, salt, sLen);
+	EVP_DigestFinal(&ctx, H, NULL);
+	EVP_MD_CTX_cleanup(&ctx);
+
+	/* Generate dbMask in place then perform XOR on it */
+	PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
+
+	p = EM;
+
+	/* Initial PS XORs with all zeroes which is a NOP so just update
+	 * pointer. Note from a test above this value is guaranteed to
+	 * be non-negative.
+	 */
+	p += emLen - sLen - hLen - 2;
+	*p++ ^= 0x1;
+	if (sLen > 0)
+		{
+		for (i = 0; i < sLen; i++)
+			*p++ ^= salt[i];
+		}
+	if (MSBits)
+		EM[0] &= 0xFF >> (8 - MSBits);
+
+	/* H is already in place so just set final 0xbc */
+
+	EM[emLen - 1] = 0xbc;
+
+	ret = 1;
+
+	err:
+	if (salt)
+		OPENSSL_free(salt);
+
+	return ret;
+
+	}

crypto/rsa/rsa_x931.c

@@ -0,0 +1,177 @@
+/* rsa_x931.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+
+int RSA_padding_add_X931(unsigned char *to, int tlen,
+	     const unsigned char *from, int flen)
+	{
+	int j;
+	unsigned char *p;
+
+	/* Absolute minimum amount of padding is 1 header nibble, 1 padding
+	 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
+	 */
+
+	j = tlen - flen - 2;
+
+	if (j < 0)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		return -1;
+		}
+	
+	p=(unsigned char *)to;
+
+	/* If no padding start and end nibbles are in one byte */
+	if (j == 0)
+		*p++ = 0x6A;
+	else
+		{
+		*p++ = 0x6B;
+		if (j > 1)
+			{
+			memset(p, 0xBB, j - 1);
+			p += j - 1;
+			}
+		*p++ = 0xBA;
+		}
+	memcpy(p,from,(unsigned int)flen);
+	p += flen;
+	*p = 0xCC;
+	return(1);
+	}
+
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+	     const unsigned char *from, int flen, int num)
+	{
+	int i,j;
+	const unsigned char *p;
+
+	p=from;
+	if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))
+		{
+		RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);
+		return -1;
+		}
+
+	if (*p++ == 0x6B)
+		{
+		j=flen-3;
+		for (i = 0; i < j; i++)
+			{
+			unsigned char c = *p++;
+			if (c == 0xBA)
+				break;
+			if (c != 0xBB)
+				{
+				RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
+					RSA_R_INVALID_PADDING);
+				return -1;
+				}
+			}
+
+		j -= i;
+
+		if (i == 0)
+			{
+			RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+			return -1;
+			}
+
+		}
+	else j = flen - 2;
+
+	if (p[j] != 0xCC)
+		{
+		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+		return -1;
+		}
+
+	memcpy(to,p,(unsigned int)j);
+
+	return(j);
+	}
+
+/* Translate between X931 hash ids and NIDs */
+
+int RSA_X931_hash_id(int nid)
+	{
+	switch (nid)
+		{
+		case NID_sha1:
+		return 0x33;
+
+		case NID_sha256:
+		return 0x34;
+
+		case NID_sha384:
+		return 0x36;
+
+		case NID_sha512:
+		return 0x35;
+
+		}
+	return -1;
+	}
+

crypto/x509/x509_vfy.c

@@ -944,7 +944,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
 		offset=0;
 	else
 		{
-		if ((*str != '+') && (str[5] != '-'))
+		if ((*str != '+') && (*str != '-'))
 			return 0;
 		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
 		offset+=(str[3]-'0')*10+(str[4]-'0');

doc/crypto/OPENSSL_config.pod

@@ -35,7 +35,7 @@ calls OPENSSL_add_all_algorithms() by compiling an application with the
 preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
 can be added without source changes.
 
-The environment variable B<OPENSSL_CONFIG> can be set to specify the location
+The environment variable B<OPENSSL_CONF> can be set to specify the location
 of the configuration file.
  
 Currently ASN1 OBJECTs and ENGINE configuration can be performed future

doc/crypto/threads.pod

@@ -130,7 +130,7 @@ You can find out if OpenSSL was configured with thread support:
 
  #define OPENSSL_THREAD_DEFINES
  #include <openssl/opensslconf.h>
- #if defined(THREADS)
+ #if defined(OPENSSL_THREADS)
    // thread support enabled
  #else
    // no thread support

fips/Makefile

@@ -11,21 +11,22 @@ CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
+MAKEFILE=       Makefile
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile
+PERL=		perl
 RM=             rm -f
 AR=		ar r
 
 PEX_LIBS=
 EX_LIBS=
 
-CFLAGS= $(INCLUDE) $(CFLAG)
+CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
 
 
 LIBS=
 
-FDIRS=sha1 rand des aes dsa rsa dh hmac
+FDIRS=sha rand des aes dsa rsa dh hmac
 
 GENERAL=Makefile README fips-lib.com install.com
 
@@ -100,11 +101,7 @@ libs:
 	done;
 
 tests:
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making tests in fips/$$i..." && \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
-	done;
+	(cd ..; make DIRS=test)
 
 top_fips_test_suite:
 	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=. TARGET=fips_test_suite sub_target)
@@ -113,9 +110,9 @@ fips_test_suite: fips_test_suite.o $(TOP)/libcrypto.a
 	$(CC) $(CFLAGS) -o fips_test_suite fips_test_suite.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
 	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_test_suite || { rm fips_test_suite; false; }
 
-fips_test: top top_fips_test_suite
-	cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
-	@for i in dsa sha1 aes des hmac rand rsa; \
+fips_test: top tests
+	-cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
+	@for i in dsa sha aes des hmac rand rsa; \
 	do \
 		(cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \
 	done;

fips/aes/Makefile

@@ -66,18 +66,11 @@ tags:
 
 tests:
 
-top_fips_aesavs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_aesavs sub_target)
-
-fips_aesavs: fips_aesavs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_aesavs fips_aesavs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_aesavs
-
-fips_test: top top_fips_aesavs
-	find ../testvectors/aes/req -name '*.req' > testlist
+fips_test:
+	-find ../testvectors/aes/req -name '*.req' > testlist
 	-rm -rf ../testvectors/aes/rsp
 	mkdir ../testvectors/aes/rsp
-	./fips_aesavs -d testlist
+	if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

fips/des/Makefile

@@ -64,26 +64,11 @@ tags:
 
 tests:
 
-top_fips_desmovs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_desmovs sub_target)
-
-fips_desmovs: fips_desmovs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_desmovs fips_desmovs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_desmovs
-
-fips_test: top_fips_desmovs
-	find ../testvectors/des/req -name '*.req' > testlist
-	-rm -rf ../testvectors/des/rsp
-	mkdir ../testvectors/des/rsp
-	./fips_desmovs -d testlist
-	find ../testvectors/des2/req -name '*.req' > testlist
-	-rm -rf ../testvectors/des2/rsp
-	mkdir ../testvectors/des2/rsp
-	./fips_desmovs -d testlist
-	find ../testvectors/des3/req -name '*.req' > testlist
-	-rm -rf ../testvectors/des3/rsp
-	mkdir ../testvectors/des3/rsp
-	./fips_desmovs -d testlist
+fips_test:
+	-find ../testvectors/tdes/req -name '*.req' > testlist
+	-rm -rf ../testvectors/tdes/rsp
+	mkdir ../testvectors/tdes/rsp
+	if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

fips/dh/fips_dh_key.c

@@ -145,8 +145,23 @@ static int generate_key(DH *dh)
 		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
 		if (!BN_rand(priv_key, l, 0, 0)) goto err;
 		}
-	if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
-		goto err;
+
+	{
+		BIGNUM local_prk;
+		BIGNUM *prk;
+
+		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+			{
+			BN_init(&local_prk);
+			prk = &local_prk;
+			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
+			}
+		else
+			prk = priv_key;
+
+		if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
+			goto err;
+	}
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -184,6 +199,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 		mont = BN_MONT_CTX_set_locked(
 				(BN_MONT_CTX **)&dh->method_mont_p,
 				CRYPTO_LOCK_DH, dh->p, ctx);
+		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+			{
+			/* XXX */
+			BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
+			}
 		if (!mont)
 			goto err;
 		}
@@ -206,7 +226,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 			const BIGNUM *m, BN_CTX *ctx,
 			BN_MONT_CTX *m_ctx)
 	{
-	if (a->top == 1)
+	/* If a is only one word long and constant time is false, use the faster
+	 * exponenentiation function.
+	 */
+	if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
 		{
 		BN_ULONG A = a->d[0];
 		return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);

fips/dsa/Makefile

@@ -18,7 +18,7 @@ AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST=fips_dsatest.c
+TEST=fips_dsatest.c fips_dssvs.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
@@ -62,23 +62,16 @@ tags:
 
 tests:
 
-top_fips_dssvs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_dssvs sub_target)
-
-fips_dssvs: fips_dssvs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_dssvs fips_dssvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_dssvs
-
 Q=../testvectors/dsa/req
 A=../testvectors/dsa/rsp
 
-fips_test: top_fips_dssvs
+fips_test:
 	-rm -rf $A
 	mkdir $A
-	./fips_dssvs pqg < $Q/PQGGen.req > $A/PQGGen.rsp
-	./fips_dssvs keypair < $Q/KeyPair.req > $A/KeyPair.rsp
-	./fips_dssvs siggen < $Q/SigGen.req > $A/SigGen.rsp
-	./fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp
+	if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
+	if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
+	if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
+	if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

fips/dsa/fips_dsa_ossl.c

@@ -187,7 +187,7 @@ err:
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
 	BN_CTX *ctx;
-	BIGNUM k,*kinv=NULL,*r=NULL;
+	BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
 	int ret=0;
 
 	if (!dsa->p || !dsa->q || !dsa->g)
@@ -197,6 +197,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 
 	BN_init(&k);
+	BN_init(&kq);
 
 	if (ctx_in == NULL)
 		{
@@ -206,12 +207,15 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		ctx=ctx_in;
 
 	if ((r=BN_new()) == NULL) goto err;
-	kinv=NULL;
 
 	/* Get random k */
 	do
 		if (!BN_rand_range(&k, dsa->q)) goto err;
 	while (BN_is_zero(&k));
+	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+		{
+		BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+		}
 
 	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
 		{
@@ -222,7 +226,30 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 
 	/* Compute r = (g^k mod p) mod q */
-	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+
+	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+		{
+		if (!BN_copy(&kq, &k)) goto err;
+
+		/* We do not want timing information to leak the length of k,
+		 * so we compute g^k using an equivalent exponent of fixed length.
+		 *
+		 * (This is a kludge that we need because the BN_mod_exp_mont()
+		 * does not let us specify the desired timing behaviour.) */
+
+		if (!BN_add(&kq, &kq, dsa->q)) goto err;
+		if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+			{
+			if (!BN_add(&kq, &kq, dsa->q)) goto err;
+			}
+
+		K = &kq;
+		}
+	else
+		{
+		K = &k;
+		}
+	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
@@ -245,6 +272,7 @@ err:
 	if (ctx_in == NULL) BN_CTX_free(ctx);
 	if (kinv != NULL) BN_clear_free(kinv);
 	BN_clear_free(&k);
+	BN_clear_free(&kq);
 	return(ret);
 	}
 

fips/fips-lib.com

@@ -75,7 +75,7 @@ $ ENDIF
 $!
 $! Define The Different Encryption Types.
 $!
-$ ENCRYPT_TYPES = "Basic,SHA1,RAND,DES,AES,DSA,RSA,DH,HMAC"
+$ ENCRYPT_TYPES = "Basic,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC"
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -151,12 +151,12 @@ $!
 $! Define The Different Encryption "library" Strings.
 $!
 $ LIB_ = "fips,fips_err_wrapper"
-$ LIB_SHA1 = "fips_sha1dgst,fips_sha1_selftest,fips_sha256,fips_sha512"
+$ LIB_SHA = "fips_sha1dgst,fips_sha1_selftest,fips_sha256,fips_sha512"
 $ LIB_RAND = "fips_rand,fips_rand_selftest"
 $ LIB_DES = "fips_des_enc,fips_des_selftest,fips_set_key"
 $ LIB_AES = "fips_aes_core,fips_aes_selftest"
 $ LIB_DSA = "fips_dsa_ossl,fips_dsa_gen,fips_dsa_selftest"
-$ LIB_RSA = "fips_rsa_eay,fips_rsa_gen,fips_rsa_selftest"
+$ LIB_RSA = "fips_rsa_eay,fips_rsa_gen,fips_rsa_selftest,fips_rsa_x931g"
 $ LIB_DH = "fips_dh_check,fips_dh_gen,fips_dh_key"
 $ LIB_HMAC = "fips_hmac,fips_hmac_selftest"
 $!
@@ -857,7 +857,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!

fips/fips.c

@@ -145,6 +145,73 @@ int FIPS_selftest()
 	&& FIPS_selftest_dsa();
     }
 
+#ifndef HMAC_EXT
+#define HMAC_EXT "sha1"
+#endif
+
+static char key[]="etaonrishdlcupfm";
+
+#ifdef OPENSSL_PIC
+int DSO_pathbyaddr(void *addr,char *path,int sz);
+
+static int FIPS_check_dso()
+    {
+    unsigned char buf[1024];
+    char path [512];
+    unsigned char mdbuf[EVP_MAX_MD_SIZE];
+    FILE *f;
+    HMAC_CTX hmac;
+    int len,n;
+
+    len = DSO_pathbyaddr(NULL,path,sizeof(path)-sizeof(HMAC_EXT));
+    if (len<=0)
+    	{
+	FIPSerr(FIPS_F_FIPS_CHECK_DSO,FIPS_R_NO_DSO_PATH);
+	return 0;
+	}
+
+    f=fopen(path,"rb");
+    if(!f)
+	{
+	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
+	return 0;
+	}
+
+    HMAC_Init(&hmac,key,strlen(key),EVP_sha1());
+    while(!feof(f))
+	{
+	n=fread(buf,1,sizeof buf,f);
+	if(ferror(f))
+	    {
+	    clearerr(f);
+	    fclose(f);
+	    FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
+	    return 0;
+	    }
+	if (n) HMAC_Update(&hmac,buf,n);
+	}
+    fclose(f);
+    HMAC_Final(&hmac,mdbuf,&n);
+    HMAC_CTX_cleanup(&hmac);
+
+    path[len-1]='.';
+    strcpy(path+len,HMAC_EXT);
+    f=fopen(path,"rb");
+    if(!f || fread(buf,1,20,f) != 20)
+	{
+	if (f) fclose(f);
+	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
+	return 0;
+	}
+    fclose(f);
+    if(memcmp(buf,mdbuf,20))
+	{
+	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_EXE_DIGEST_DOES_NOT_MATCH);
+	return 0;
+	}
+    return 1;
+    }
+#else
 static int FIPS_check_exe(const char *path)
     {
     unsigned char buf[1024];
@@ -152,9 +219,8 @@ static int FIPS_check_exe(const char *path)
     unsigned int n;
     unsigned char mdbuf[EVP_MAX_MD_SIZE];
     FILE *f;
-    static char key[]="etaonrishdlcupfm";
     HMAC_CTX hmac;
-    const char *sha1_fmt="%s.sha1";
+    const char *sha1_fmt="%s."HMAC_EXT;
 
     f=fopen(path,"rb");
 #ifdef __CYGWIN32__
@@ -163,7 +229,7 @@ static int FIPS_check_exe(const char *path)
        just in case the behavior changes in the future... */
     if (!f)
 	{
-	sha1_fmt="%s.exe.sha1";
+	sha1_fmt="%s.exe."HMAC_EXT;
 	BIO_snprintf(p2,sizeof p2,"%s.exe",path);
 	f=fopen(p2,"rb");
 	}
@@ -205,10 +271,10 @@ static int FIPS_check_exe(const char *path)
 	}
     return 1;
     }
+#endif
 
 int FIPS_mode_set(int onoff,const char *path)
     {
-    void fips_set_mode(int _onoff);
     int fips_set_owning_thread();
     int fips_clear_owning_thread();
     int ret = 0;
@@ -233,7 +299,11 @@ int FIPS_mode_set(int onoff,const char *path)
 	    goto end;
 	    }
 
+#ifdef OPENSSL_PIC
+	if(!FIPS_check_dso())
+#else
 	if(!FIPS_check_exe(path))
+#endif
 	    {
 	    fips_selftest_fail = 1;
 	    ret = 0;

fips/fips.h

@@ -108,7 +108,9 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_HASH_FINAL				 100
 #define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 114
 #define FIPS_F_RSA_GENERATE_KEY				 113
+#define FIPS_F_RSA_X931_GENERATE_KEY			 119
 #define FIPS_F_SSLEAY_RAND_BYTES			 101
+#define FIPS_F_FIPS_CHECK_DSO				 120
 
 /* Reason codes. */
 #define FIPS_R_CANNOT_READ_EXE				 103
@@ -116,10 +118,12 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH		 105
 #define FIPS_R_FIPS_MODE_ALREADY_SET			 102
 #define FIPS_R_FIPS_SELFTEST_FAILED			 106
+#define FIPS_R_INVALID_KEY_LENGTH			 109
+#define FIPS_R_KEY_TOO_SHORT				 108
 #define FIPS_R_NON_FIPS_METHOD				 100
 #define FIPS_R_PAIRWISE_TEST_FAILED			 107
 #define FIPS_R_SELFTEST_FAILED				 101
-#define FIPS_R_KEY_TOO_SHORT				 108
+#define FIPS_R_NO_DSO_PATH				 110
 
 #ifdef  __cplusplus
 }

fips/fips_err.h

@@ -84,11 +84,13 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA),	"FIPS_selftest_dsa"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG),	"FIPS_selftest_rng"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_RSA),	"FIPS_selftest_rsa"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA),	"FIPS_selftest_sha"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA),	"FIPS_SELFTEST_SHA"},
 {ERR_FUNC(FIPS_F_HASH_FINAL),	"HASH_FINAL"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT),	"RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_FUNC(FIPS_F_RSA_GENERATE_KEY),	"RSA_generate_key"},
+{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY),	"RSA_X931_generate_key"},
 {ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_DSO),	"FIPS_check_dso"},
 {0,NULL}
 	};
 
@@ -99,9 +101,12 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"},
 {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"},
 {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"},
+{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH)   ,"invalid key length"},
+{ERR_REASON(FIPS_R_KEY_TOO_SHORT)        ,"key too short"},
 {ERR_REASON(FIPS_R_NON_FIPS_METHOD)      ,"non fips method"},
 {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
 {ERR_REASON(FIPS_R_SELFTEST_FAILED)      ,"selftest failed"},
+{ERR_REASON(FIPS_R_NO_DSO_PATH)		 ,"DSO can't be determined"},
 {0,NULL}
 	};
 
@@ -109,11 +114,11 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 
 void ERR_load_FIPS_strings(void)
 	{
-	static int init;
+	static int init=1;
 
-	if (!init)
+	if (init)
 		{
-		init=1;
+		init=0;
 #ifndef OPENSSL_NO_ERR
 		ERR_load_strings(0,FIPS_str_functs);
 		ERR_load_strings(0,FIPS_str_reasons);

fips/fipshashes.c

@@ -1,8 +1,8 @@
 const char * const FIPS_source_hashes[] = {
-"HMAC-SHA1(fips.c)= 7cbbda3b9e8aec46ee31797179cb72faeef80712",
+"HMAC-SHA1(fips.c)= c5116c8f381d5981d840d240f66c8303b866f5f6",
 "HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898",
-"HMAC-SHA1(fips.h)= e85fdc2fe6ad2dbf0662691e87af4b6b240da62e",
-"HMAC-SHA1(fips_err.h)= 0b2bd6999ee5792fec3739689cde5f352789e63a",
+"HMAC-SHA1(fips.h)= 23151c26e0c735c09b0f229a16a31235150b4ca4",
+"HMAC-SHA1(fips_err.h)= 11cc657a0c7989efdeb28dd7c6b3941b1ad08c39",
 "HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55",
 "HMAC-SHA1(aes/asm/fips-ax86-elf.s)= f797b524a79196e7f59458a5b223432fcfd4a868",
 "HMAC-SHA1(aes/fips_aes_selftest.c)= 98b01502221e7fe529fd981222f2cbb52eb4cbe0",
@@ -14,25 +14,26 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(des/fips_des_locl.h)= e008da40dc6913e374edd66a20d44e1752f00583",
 "HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
 "HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
-"HMAC-SHA1(dh/fips_dh_key.c)= 0b810d411090abd6b676a7ca730c35362fbd04a4",
-"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 8bb943c0fd1adf04f6a845f4d1727c5472697e93",
+"HMAC-SHA1(dh/fips_dh_key.c)= 2d79eb8d59929ec129d34f53b5aded4a290a28ca",
+"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 2fadb271897a775f023393aa22ddede8a76eec0d",
 "HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
 "HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
 "HMAC-SHA1(rand/fips_rand.c)= 7e3964447a81cfe4e75df981827d14a5fe0c2923",
 "HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
 "HMAC-SHA1(rand/fips_rand_selftest.c)= d9c8985e08feecefafe667ad0119d444b42f807c",
-"HMAC-SHA1(rsa/fips_rsa_eay.c)= 2596773a7af8f037427217b79f56858296961d66",
-"HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3",
+"HMAC-SHA1(rsa/fips_rsa_eay.c)= 2512f849a220daa083f346b10effdb2ee96d4395",
+"HMAC-SHA1(rsa/fips_rsa_gen.c)= 577466931c054d99caf4ac2aefff0e35efd94024",
 "HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
-"HMAC-SHA1(sha1/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
-"HMAC-SHA1(sha1/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97",
-"HMAC-SHA1(sha1/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
-"HMAC-SHA1(sha1/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
-"HMAC-SHA1(sha1/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
-"HMAC-SHA1(sha1/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
-"HMAC-SHA1(sha1/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
-"HMAC-SHA1(sha1/fips_sha256.c)= 826e768677e67b7c87dfc9e084245b619804d01c",
-"HMAC-SHA1(sha1/fips_sha512.c)= 27e16912ff196982425c00fe266fa84ef4f48fcd",
+"HMAC-SHA1(rsa/fips_rsa_x931g.c)= 1827d381bb21c53a38a7194cb1c428a2b5f1e3ab",
+"HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
+"HMAC-SHA1(sha/fips_standalone_sha1.c)= 46a66875e68398eabca2e933958a2d865149ca1b",
+"HMAC-SHA1(sha/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
+"HMAC-SHA1(sha/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
+"HMAC-SHA1(sha/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
+"HMAC-SHA1(sha/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
+"HMAC-SHA1(sha/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
+"HMAC-SHA1(sha/fips_sha256.c)= 97e6dee22a1fe993cc48aa8ff37af10701d7f599",
+"HMAC-SHA1(sha/fips_sha512.c)= 74e6ef26de96f774d233888b831289e69834dd79",
 "HMAC-SHA1(hmac/fips_hmac.c)= a477cec1da76c0092979c4a875b6469339bff7ef",
 "HMAC-SHA1(hmac/fips_hmac_selftest.c)= ebb32b205babf4300017de767fd6e3f1879765c9",
 };

fips/hmac/Makefile

@@ -62,20 +62,13 @@ tags:
 
 tests:
 
-top_fips_hmactest:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_hmactest sub_target)
-
-fips_hmactest: fips_hmactest.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_hmactest fips_hmactest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_hmactest
-
 Q=../testvectors/hmac/req
 A=../testvectors/hmac/rsp
 
-fips_test: top top_fips_hmactest
+fips_test:
 	-rm -rf $(A)
 	mkdir $(A)
-	./fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp
+	if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

fips/hmac/fips_hmactest.c

@@ -250,12 +250,16 @@ int hmac_test(BIO *err, const EVP_MD *md, BIO *out, BIO *in)
 			if (Msg)
 				goto parse_error;
 			Msg = string_to_hex(value, &Msglen);
+			if (!Msg)
+				goto parse_error;
 			}
 		else if (!strcmp(keyword, "Key"))
 			{
 			if (Key)
 				goto parse_error;
 			Key = string_to_hex(value, &Keylen);
+			if (!Key)
+				goto parse_error;
 			}
 		else if (!strcmp(keyword, "Mac"))
 			continue;

fips/install.com

@@ -26,14 +26,16 @@ $	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
 $	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
 	   CREATE/DIR/LOG WRK_SSLINCLUDE:
 $
-$	FDIRS := ,RAND,SHA1,DES,AES,DSA,RSA
+$	FDIRS := ,RAND,SHA1,DES,AES,DSA,RSA,DH,HMAC
 $	EXHEADER_ := fips.h
-$	EXHEADER_SHA1 :=
+$	EXHEADER_SHA := fips_sha.h
 $	EXHEADER_RAND := fips_rand.h
 $	EXHEADER_DES :=
 $	EXHEADER_AES :=
 $	EXHEADER_DSA :=
 $	EXHEADER_RSA :=
+$	EXHEADER_DH :=
+$	EXHEADER_HMAC :=
 $
 $	I = 0
 $ LOOP_FDIRS: 

fips/openssl_fips_fingerprint

@@ -5,6 +5,7 @@
 
 lib=$1
 exe=$2
+ext=${HMAC_EXT:-sha1}
 
 # deal with the case where we're run from within the build and OpenSSL is
 # not yet installed.  Also, make sure LD_LIBRARY_PATH is properly set in
@@ -22,9 +23,9 @@ else
 fi
 
 echo "Checking library fingerprint for $lib"
-openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; }
+openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.$ext - || { echo "$libs fingerprint mismatch"; exit 1; }
 
 [ -x $exe.exe ] && exe=$exe.exe
 
 echo "Making fingerprint for $exe"
-openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.sha1 || rm $exe.sha1
+openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.$ext || rm $exe.$ext

fips/rand/Makefile

@@ -18,7 +18,7 @@ AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST= fips_randtest.c
+TEST= fips_randtest.c fips_rngvs.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
@@ -62,21 +62,14 @@ tags:
 
 tests:
 
-top_fips_rngvs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rngvs sub_target)
-
-fips_rngvs: fips_rngvs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_rngvs fips_rngvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rngvs
-
 Q=../testvectors/rng/req
 A=../testvectors/rng/rsp
 
-fips_test: top_fips_rngvs
+fips_test:
 	-rm -rf $(A)
 	mkdir $(A)
-	./fips_rngvs mct < $(Q)/MCT.req > $(A)/MCT.rsp
-	./fips_rngvs vst < $(Q)/VST.req > $(A)/VST.rsp
+	if [ -f $(Q)/ANSI931_TDES2MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_TDES2MCT.req > $(A)/ANSI931_TDES2MCT.rsp; fi
+	if [ -f $(Q)/ANSI931_TDES2VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_TDES2VST.req > $(A)/ANSI931_TDES2VST.rsp; fi
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

fips/rsa/Makefile

@@ -18,12 +18,12 @@ AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST= fips_rsavtest.c fips_rsastest.c
+TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c
-LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o
+LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c fips_rsa_x931g.c
+LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o fips_rsa_x931g.o
 
 SRC= $(LIBSRC)
 
@@ -62,28 +62,23 @@ tags:
 
 tests:
 
-top_fips_rsastest:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsastest sub_target)
-
-top_fips_rsavtest:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsavtest sub_target)
-
-fips_rsastest: fips_rsastest.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_rsastest fips_rsastest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsastest
-
-fips_rsavtest: fips_rsavtest.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_rsavtest fips_rsavtest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsavtest
-
 Q=../testvectors/rsa/req
 A=../testvectors/rsa/rsp
+Q62=../testvectors/rsa_salt_62/req
+A62=../testvectors/rsa_salt_62/rsp
 
-fips_test: top top_fips_rsastest top_fips_rsavtest
-	-rm -rf $(A)
-	mkdir $(A)
-	./fips_rsastest < $(Q)/SigGen15.req > $(A)/SigGen15.rsp
-	./fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp
+fips_test:
+	-rm -rf $(A) $(A62)
+	mkdir $(A) $(A62)
+	if [ -f $(Q)/SigGen15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest < $(Q)/SigGen15.req  > $(A)/SigGen15.rsp; fi
+	if [ -f $(Q)/SigVer15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp; fi
+	if [ -f $(Q)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 0 < $(Q)/SigGenPSS.req > $(A)/SigGenPSS.rsp; fi
+	if [ -f $(Q)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 0 < $(Q)/SigVerPSS.req > $(A)/SigVerPSS.rsp; fi
+	if [ -f $(Q)/SigGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -x931 < $(Q)/SigGenRSA.req > $(A)/SigGenRSA.rsp; fi
+	if [ -f $(Q)/SigVerRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -x931 < $(Q)/SigVerRSA.req > $(A)/SigVerRSA.rsp; fi
+	if [ -f $(Q62)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 62 < $(Q62)/SigGenPSS.req >$(A62)/SigGenPSS.rsp; fi
+	if [ -f $(Q62)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 62 <$(Q62)/SigVerPSS.req >$(A62)/SigVerPSS.rsp; fi
+	if [ -f $(Q)/KeyGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsagtest < $(Q)/KeyGenRSA.req > $(A)/KeyGenRSA.rsp; fi
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

fips/rsa/fips_rsa_eay.c

@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <openssl/err.h>
@@ -240,7 +293,7 @@ err:
 static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
 	     unsigned char *to, RSA *rsa, int padding)
 	{
-	BIGNUM f,ret;
+	BIGNUM f,ret, *res;
 	int i,j,k,num=0,r= -1;
 	unsigned char *buf=NULL;
 	BN_CTX *ctx=NULL;
@@ -266,6 +319,9 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
 	case RSA_NO_PADDING:
 		i=RSA_padding_add_none(buf,num,from,flen);
 		break;
+	case RSA_X931_PADDING:
+		i=RSA_padding_add_X931(buf,num,from,flen);
+		break;
 	case RSA_SSLV23_PADDING:
 	default:
 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
@@ -322,19 +378,43 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
 		(rsa->iqmp != NULL)) )
-		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+		{ 
+		if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+		}
 	else
 		{
-		if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+		BIGNUM local_d;
+		BIGNUM *d = NULL;
+		
+		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+			{
+			BN_init(&local_d);
+			d = &local_d;
+			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+			}
+		else
+			d = rsa->d;
+		if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
 		}
 
 	if (blinding)
 		if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
 
+	if (padding == RSA_X931_PADDING)
+		{
+		BN_sub(&f, rsa->n, &ret);
+		if (BN_cmp(&ret, &f))
+			res = &f;
+		else
+			res = &ret;
+		}
+	else
+		res = &ret;
+
 	/* put in leading 0 bytes if the number is less than the
 	 * length of the modulus */
-	j=BN_num_bytes(&ret);
-	i=BN_bn2bin(&ret,&(to[num-j]));
+	j=BN_num_bytes(res);
+	i=BN_bn2bin(res,&(to[num-j]));
 	for (k=0; k<(num-i); k++)
 		to[k]=0;
 
@@ -435,10 +515,22 @@ static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
 		(rsa->iqmp != NULL)) )
-		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+		{
+		if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+		}
 	else
 		{
-		if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+		BIGNUM local_d;
+		BIGNUM *d = NULL;
+		
+		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+			{
+			d = &local_d;
+			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+			}
+		else
+			d = rsa->d;
+		if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
 			goto err;
 		}
 
@@ -536,6 +628,9 @@ static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fro
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
 		rsa->_method_mod_n)) goto err;
 
+	if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
+		BN_sub(&ret, rsa->n, &ret);
+
 	p=buf;
 	i=BN_bn2bin(&ret,p);
 
@@ -544,6 +639,9 @@ static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fro
 	case RSA_PKCS1_PADDING:
 		r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
 		break;
+	case RSA_X931_PADDING:
+		r=RSA_padding_check_X931(to,num,buf,i,num);
+		break;
 	case RSA_NO_PADDING:
 		r=RSA_padding_check_none(to,num,buf,i,num);
 		break;
@@ -569,6 +667,8 @@ err:
 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	{
 	BIGNUM r1,m1,vrfy;
+	BIGNUM local_dmp1, local_dmq1;
+	BIGNUM *dmp1, *dmq1;
 	int ret=0;
 	BN_CTX *ctx;
 
@@ -577,7 +677,6 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	BN_init(&vrfy);
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 
-
 	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
 		{
 		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
@@ -589,11 +688,25 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 		}
 
 	if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-	if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+	if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+		{
+		dmq1 = &local_dmq1;
+		BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
+		}
+	else
+		dmq1 = rsa->dmq1;
+	if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
 		rsa->_method_mod_q)) goto err;
 
 	if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-	if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+	if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+		{
+		dmp1 = &local_dmp1;
+		BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
+		}
+	else
+		dmp1 = rsa->dmp1;
+	if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
 		rsa->_method_mod_p)) goto err;
 
 	if (!BN_sub(r0,r0,&m1)) goto err;
@@ -628,10 +741,23 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 		if (vrfy.neg)
 			if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
 		if (!BN_is_zero(&vrfy))
+			{
 			/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
 			 * miscalculated CRT output, just do a raw (slower)
 			 * mod_exp and return that instead. */
-			if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+
+			BIGNUM local_d;
+			BIGNUM *d = NULL;
+		
+			if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+				{
+				d = &local_d;
+				BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+				}
+			else
+				d = rsa->d;
+			if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
+			}
 		}
 	ret=1;
 err:

fips/rsa/fips_rsa_gen.c

@@ -68,7 +68,7 @@ void *OPENSSL_stderr(void);
 
 #ifdef OPENSSL_FIPS
 
-static int fips_check_rsa(RSA *rsa)
+int fips_check_rsa(RSA *rsa)
     {
     int n, ret = 0;
     unsigned char tctext[256], *ctext = tctext;

fips/rsa/fips_rsa_x931g.c

@@ -0,0 +1,289 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+extern int fips_check_rsa(RSA *rsa);
+
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+			const BIGNUM *e)
+	{
+	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
+	BN_CTX *ctx=NULL,*ctx2=NULL;
+
+	if (!rsa) 
+		goto err;
+
+	ctx = BN_CTX_new();
+	BN_CTX_start(ctx);
+	if (!ctx) 
+		goto err;
+
+	r0 = BN_CTX_get(ctx);
+	r1 = BN_CTX_get(ctx);
+	r2 = BN_CTX_get(ctx);
+	r3 = BN_CTX_get(ctx);
+
+	if (r3 == NULL)
+		goto err;
+	if (!rsa->e)
+		{
+		rsa->e = BN_dup(e);
+		if (!rsa->e)
+			goto err;
+		}
+	else
+		e = rsa->e;
+
+	/* If not all parameters present only calculate what we can.
+	 * This allows test programs to output selective parameters.
+	 */
+
+	if (Xp && !rsa->p)
+		{
+		rsa->p = BN_new();
+		if (!rsa->p)
+			goto err;
+
+		if (!BN_X931_derive_prime(rsa->p, p1, p2, cb, cb_arg,
+					Xp, Xp1, Xp2, e, ctx))
+			goto err;
+		}
+
+	if (Xq && !rsa->q)
+		{
+		rsa->q = BN_new();
+		if (!rsa->q)
+			goto err;
+		if (!BN_X931_derive_prime(rsa->q, q1, q2, cb, cb_arg,
+					Xq, Xq1, Xq2, e, ctx))
+			goto err;
+		}
+
+	if (!rsa->p || !rsa->q)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		return 2;
+		}
+
+	/* Since both primes are set we can now calculate all remaining 
+	 * components.
+	 */
+
+	/* calculate n */
+	rsa->n=BN_new();
+	if (rsa->n == NULL)
+		goto err;
+	if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
+		goto err;
+
+	/* calculate d */
+	if (!BN_sub(r1,rsa->p,BN_value_one()))
+		goto err;	/* p-1 */
+	if (!BN_sub(r2,rsa->q,BN_value_one()))
+		goto err;	/* q-1 */
+	if (!BN_mul(r0,r1,r2,ctx))
+		goto err;	/* (p-1)(q-1) */
+
+	if (!BN_gcd(r3, r1, r2, ctx))
+		goto err;
+
+	if (!BN_div(r0, NULL, r0, r3, ctx))
+		goto err;	/* LCM((p-1)(q-1)) */
+
+	ctx2 = BN_CTX_new();
+	if (!ctx2)
+		goto err;
+
+	rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);	/* d */
+	if (rsa->d == NULL)
+		goto err;
+
+	/* calculate d mod (p-1) */
+	rsa->dmp1=BN_new();
+	if (rsa->dmp1 == NULL)
+		goto err;
+	if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
+		goto err;
+
+	/* calculate d mod (q-1) */
+	rsa->dmq1=BN_new();
+	if (rsa->dmq1 == NULL)
+		goto err;
+	if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
+		goto err;
+
+	/* calculate inverse of q mod p */
+	rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
+
+	err:
+	if (ctx)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
+	if (ctx2)
+		BN_CTX_free(ctx2);
+	/* If this is set all calls successful */
+	if (rsa->iqmp != NULL)
+		return 1;
+
+	return 0;
+
+	}
+
+RSA *RSA_X931_generate_key(FIPS_RSA_SIZE_T bits, const BIGNUM *e,
+	     void (*cb)(int,int,void *), void *cb_arg)
+	{
+	RSA *rsa = NULL;
+	int ok = 0;
+	BIGNUM *Xp = NULL, *Xq = NULL;
+	BN_CTX *ctx = NULL;
+	
+	if (bits < 1024)
+	    {
+	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_KEY_TOO_SHORT);
+	    return NULL;
+	    }
+
+	if (bits & 0xff)
+	    {
+	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_INVALID_KEY_LENGTH);
+	    return NULL;
+	    }
+
+	if(FIPS_selftest_failed())
+	    {
+	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
+	    return NULL;
+	    }
+
+	ctx = BN_CTX_new();
+	if (!ctx)
+		goto error;
+
+	BN_CTX_start(ctx);
+	Xp = BN_CTX_get(ctx);
+	Xq = BN_CTX_get(ctx);
+	if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+		goto error;
+
+	rsa = RSA_new();
+	if (!rsa)
+		goto error;
+	rsa->p = BN_new();
+	rsa->q = BN_new();
+	if (!rsa->p || !rsa->q)
+		goto error;
+
+	/* Generate two primes from Xp, Xq */
+
+	if (!BN_X931_generate_prime(rsa->p, NULL, NULL, NULL, NULL, Xp,
+					e, ctx, cb, cb_arg))
+		goto error;
+
+	if (!BN_X931_generate_prime(rsa->q, NULL, NULL, NULL, NULL, Xq,
+					e, ctx, cb, cb_arg))
+		goto error;
+
+	/* Since rsa->p and rsa->q are valid this call will just derive
+	 * remaining RSA components.
+	 */
+
+	if (!RSA_X931_derive(rsa, NULL, NULL, NULL, NULL, cb, cb_arg,
+				NULL, NULL, NULL, NULL, NULL, NULL, e))
+		goto error;
+
+	if(!fips_check_rsa(rsa))
+	    goto error;
+
+	ok = 1;
+
+	error:
+	if (ctx)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
+
+	if (ok)
+		return rsa;
+
+	if (rsa)
+		RSA_free(rsa);
+
+	return NULL;
+
+	}
+
+#endif

fips/rsa/fips_rsagtest.c

@@ -0,0 +1,420 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS RSA support\n");
+    return(0);
+}
+
+#else
+
+extern int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+			void (*cb)(int, int, void *), void *cb_arg,
+			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+			const BIGNUM *e);
+
+int rsa_test(BIO *err, BIO *out, BIO *in);
+static int rsa_printkey1(BIO *err, BIO *out, RSA *rsa,
+		BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+		BIGNUM *e);
+static int rsa_printkey2(BIO *err, BIO *out, RSA *rsa,
+		BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *err = NULL;
+
+	int ret = 1;
+	ERR_load_crypto_strings();
+
+	err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!err)
+		{
+		fprintf(stderr, "FATAL stderr initialization error\n");
+		goto end;
+		}
+
+	if(!FIPS_mode_set(1,argv[0]))
+		{
+		ERR_print_errors(err);
+		goto end;
+		}
+
+	if (argc == 1)
+		in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	else
+		in = BIO_new_file(argv[1], "r");
+
+	if (argc < 2)
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	else
+		out = BIO_new_file(argv[2], "w");
+
+	if (!in)
+		{
+		BIO_printf(err, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!rsa_test(err, out, in))
+		{
+		fprintf(stderr, "FATAL RSAVTEST file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (ret && err)
+		ERR_print_errors(err);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (err)
+		BIO_free(err);
+
+	return ret;
+
+	}
+
+
+static void do_bn_print(BIO *out, const char *name, BIGNUM *b)
+	{
+	char *htmp, *p;
+	/* Can't use BN_print_fp because it uses upper case so
+	 * use BN_bn2hex() and convert.
+	 */
+	htmp = BN_bn2hex(b);
+	for(p = htmp; *p; p++)
+		{
+		if (isupper(*p))
+			*p = tolower(*p);
+		}
+	BIO_printf(out, "%s = %s\n", name, htmp);
+	OPENSSL_free(htmp);
+	}
+
+#define RSA_TEST_MAXLINELEN	10240
+
+int rsa_test(BIO *err, BIO *out, BIO *in)
+	{
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	RSA *rsa = NULL;
+	BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
+	BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
+	BIGNUM *e = NULL;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+	while (BIO_gets(in, olinebuf, RSA_TEST_MAXLINELEN) > 0)
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [foo = bar] line) just copy */
+		if (!p || *keyword=='[')
+			{
+			if (!BIO_puts(out, olinebuf))
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword, "xp1"))
+			{
+			if (Xp1 || !BN_hex2bn(&Xp1,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "xp2"))
+			{
+			if (Xp2 || !BN_hex2bn(&Xp2,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Xp"))
+			{
+			if (Xp || !BN_hex2bn(&Xp,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "xq1"))
+			{
+			if (Xq1 || !BN_hex2bn(&Xq1,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "xq2"))
+			{
+			if (Xq2 || !BN_hex2bn(&Xq2,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Xq"))
+			{
+			if (Xq || !BN_hex2bn(&Xq,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "e"))
+			{
+			if (e || !BN_hex2bn(&e,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "p1"))
+			continue;
+		else if (!strcmp(keyword, "p2"))
+			continue;
+		else if (!strcmp(keyword, "p"))
+			continue;
+		else if (!strcmp(keyword, "q1"))
+			continue;
+		else if (!strcmp(keyword, "q2"))
+			continue;
+		else if (!strcmp(keyword, "q"))
+			continue;
+		else if (!strcmp(keyword, "n"))
+			continue;
+		else if (!strcmp(keyword, "d"))
+			continue;
+		else
+			goto parse_error;
+
+		BIO_puts(out, olinebuf);
+
+		if (e && Xp1 && Xp2 && Xp)
+			{
+			rsa = RSA_new();
+			if (!rsa)
+				goto error;
+			if (!rsa_printkey1(err, out, rsa, Xp1, Xp2, Xp, e))
+				goto error;
+			BN_free(Xp1);
+			Xp1 = NULL;
+			BN_free(Xp2);
+			Xp2 = NULL;
+			BN_free(Xp);
+			Xp = NULL;
+			BN_free(e);
+			e = NULL;
+			}
+
+		if (rsa && Xq1 && Xq2 && Xq)
+			{
+			if (!rsa_printkey2(err, out, rsa, Xq1, Xq2, Xq))
+				goto error;
+			BN_free(Xq1);
+			Xq1 = NULL;
+			BN_free(Xq2);
+			Xq2 = NULL;
+			BN_free(Xq);
+			Xq = NULL;
+			RSA_free(rsa);
+			rsa = NULL;
+			}
+		}
+
+	ret = 1;
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+
+	if (Xp1)
+		BN_free(Xp1);
+	if (Xp2)
+		BN_free(Xp2);
+	if (Xp)
+		BN_free(Xp);
+	if (Xq1)
+		BN_free(Xq1);
+	if (Xq1)
+		BN_free(Xq1);
+	if (Xq2)
+		BN_free(Xq2);
+	if (Xq)
+		BN_free(Xq);
+	if (e)
+		BN_free(e);
+	if (rsa)
+		RSA_free(rsa);
+
+	return ret;
+
+	parse_error:
+
+	BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int rsa_printkey1(BIO *err, BIO *out, RSA *rsa,
+		BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+		BIGNUM *e)
+	{
+	int ret = 0;
+	BIGNUM *p1 = NULL, *p2 = NULL;
+	p1 = BN_new();
+	p2 = BN_new();
+	if (!p1 || !p2)
+		goto error;
+
+	if (!RSA_X931_derive(rsa, p1, p2, NULL, NULL, 0, NULL, Xp1, Xp2, Xp,
+							NULL, NULL, NULL, e))
+		goto error;
+
+	do_bn_print(out, "p1", p1);
+	do_bn_print(out, "p2", p2);
+	do_bn_print(out, "p", rsa->p);
+
+	ret = 1;
+
+	error:
+	if (p1)
+		BN_free(p1);
+	if (p2)
+		BN_free(p2);
+
+	return ret;
+	}
+
+static int rsa_printkey2(BIO *err, BIO *out, RSA *rsa,
+		BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
+	{
+	int ret = 0;
+	BIGNUM *q1 = NULL, *q2 = NULL;
+	q1 = BN_new();
+	q2 = BN_new();
+	if (!q1 || !q2)
+		goto error;
+
+	if (!RSA_X931_derive(rsa, NULL, NULL, q1, q2, 0, NULL, NULL, NULL, NULL,
+							Xq1, Xq2, Xq, NULL))
+		goto error;
+
+	do_bn_print(out, "q1", q1);
+	do_bn_print(out, "q2", q2);
+	do_bn_print(out, "q", rsa->q);
+	do_bn_print(out, "n", rsa->n);
+	do_bn_print(out, "d", rsa->d);
+
+	ret = 1;
+
+	error:
+	if (q1)
+		BN_free(q1);
+	if (q2)
+		BN_free(q2);
+
+	return ret;
+	}
+
+#endif

fips/rsa/fips_rsastest.c

@@ -75,15 +75,15 @@ int main(int argc, char *argv[])
 
 #else
 
-static int rsa_stest(BIO *err, BIO *out, BIO *in);
+static int rsa_stest(BIO *err, BIO *out, BIO *in, int Saltlen);
 static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
-		unsigned char *Msg, long Msglen);
+		unsigned char *Msg, long Msglen, int Saltlen);
 
 int main(int argc, char **argv)
 	{
 	BIO *in = NULL, *out = NULL, *err = NULL;
 
-	int ret = 1;
+	int ret = 1, Saltlen = -1;
 	ERR_load_crypto_strings();
 
 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -100,6 +100,24 @@ int main(int argc, char **argv)
 		goto end;
 		}
 
+	if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+		{
+		Saltlen = atoi(argv[2]);
+		if (Saltlen < 0)
+			{
+			BIO_printf(err, "FATAL: Invalid salt length\n");
+			goto end;
+			}
+		argc -= 2;
+		argv += 2;
+		}
+	else if ((argc > 1) && !strcmp("-x931", argv[1]))
+		{
+		Saltlen = -2;
+		argc--;
+		argv++;
+		}
+
 	if (argc == 1)
 		in = BIO_new_fp(stdin, BIO_NOCLOSE);
 	else
@@ -122,7 +140,7 @@ int main(int argc, char **argv)
 		goto end;
 		}
 
-	if (!rsa_stest(err, out, in))
+	if (!rsa_stest(err, out, in, Saltlen))
 		{
 		fprintf(stderr, "FATAL RSAVTEST file processing error\n");
 		goto end;
@@ -148,7 +166,7 @@ int main(int argc, char **argv)
 
 #define RSA_TEST_MAXLINELEN	10240
 
-int rsa_stest(BIO *err, BIO *out, BIO *in)
+int rsa_stest(BIO *err, BIO *out, BIO *in, int Saltlen)
 	{
 	char *linebuf, *olinebuf, *p, *q;
 	char *keyword, *value;
@@ -271,7 +289,8 @@ int rsa_stest(BIO *err, BIO *out, BIO *in)
 
 		if (Msg && dgst)
 			{
-			if (!rsa_printsig(err, out, rsa, dgst, Msg, Msglen))
+			if (!rsa_printsig(err, out, rsa, dgst, Msg, Msglen,
+								Saltlen))
 				goto error;
 			OPENSSL_free(Msg);
 			Msg = NULL;
@@ -301,11 +320,11 @@ int rsa_stest(BIO *err, BIO *out, BIO *in)
 	}
 
 static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
-		unsigned char *Msg, long Msglen)
+		unsigned char *Msg, long Msglen, int Saltlen)
 	{
 	int ret = 0;
 	unsigned char *sigbuf = NULL;
-	unsigned int i, siglen;
+	int i, siglen;
 	/* EVP_PKEY structure */
 	EVP_PKEY *key = NULL;
 	EVP_MD_CTX ctx;
@@ -322,12 +341,46 @@ static int rsa_printsig(BIO *err, BIO *out, RSA *rsa, const EVP_MD *dgst,
 
 	EVP_MD_CTX_init(&ctx);
 
-	if (!EVP_SignInit_ex(&ctx, dgst, NULL))
-		goto error;
-	if (!EVP_SignUpdate(&ctx, Msg, Msglen))
-		goto error;
-	if (!EVP_SignFinal(&ctx, sigbuf, &siglen, key))
-		goto error;
+	if (Saltlen != -1)
+		{
+		unsigned int mdlen;
+		unsigned char mdtmp[EVP_MAX_MD_SIZE + 1];
+
+		if (!EVP_DigestInit_ex(&ctx, dgst, NULL))
+			goto error;
+		if (!EVP_DigestUpdate(&ctx, Msg, Msglen))
+			goto error;
+		if (!EVP_DigestFinal(&ctx, mdtmp, &mdlen))
+			goto error;
+	
+		if (Saltlen == -2)
+			{
+			mdtmp[mdlen] = RSA_X931_hash_id(EVP_MD_type(dgst));
+			siglen = RSA_private_encrypt(mdlen + 1, mdtmp,
+					sigbuf, rsa, RSA_X931_PADDING);
+			if (siglen <= 0)
+				goto error;
+			}
+		else
+			{
+			if (!RSA_padding_add_PKCS1_PSS(rsa, sigbuf, mdtmp,
+							dgst, Saltlen))
+				goto error;
+			siglen = RSA_private_encrypt(siglen, sigbuf, sigbuf,
+						rsa, RSA_NO_PADDING);
+			if (siglen <= 0)
+				goto error;
+			}
+		}
+	else
+		{
+		if (!EVP_SignInit_ex(&ctx, dgst, NULL))
+			goto error;
+		if (!EVP_SignUpdate(&ctx, Msg, Msglen))
+			goto error;
+		if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, key))
+			goto error;
+		}
 
 	EVP_MD_CTX_cleanup(&ctx);
 

fips/rsa/fips_rsavtest.c

@@ -75,18 +75,19 @@ int main(int argc, char *argv[])
 
 #else
 
-static int rsa_test(BIO *err, BIO *out, BIO *in);
+int rsa_test(BIO *err, BIO *out, BIO *in, int saltlen);
 static int rsa_printver(BIO *err, BIO *out,
 		BIGNUM *n, BIGNUM *e,
 		const EVP_MD *dgst,
 		unsigned char *Msg, long Msglen,
-		unsigned char *S, long Slen);
+		unsigned char *S, long Slen, int Saltlen);
 
 int main(int argc, char **argv)
 	{
 	BIO *in = NULL, *out = NULL, *err = NULL;
 
 	int ret = 1;
+	int Saltlen = -1;
 	ERR_load_crypto_strings();
 
 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -103,6 +104,24 @@ int main(int argc, char **argv)
 		goto end;
 		}
 
+	if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+		{
+		Saltlen = atoi(argv[2]);
+		if (Saltlen < 0)
+			{
+			BIO_printf(err, "FATAL: Invalid salt length\n");
+			goto end;
+			}
+		argc -= 2;
+		argv += 2;
+		}
+	else if ((argc > 1) && !strcmp("-x931", argv[1]))
+		{
+		Saltlen = -2;
+		argc--;
+		argv++;
+		}
+
 	if (argc == 1)
 		in = BIO_new_fp(stdin, BIO_NOCLOSE);
 	else
@@ -125,7 +144,7 @@ int main(int argc, char **argv)
 		goto end;
 		}
 
-	if (!rsa_test(err, out, in))
+	if (!rsa_test(err, out, in, Saltlen))
 		{
 		fprintf(stderr, "FATAL RSAVTEST file processing error\n");
 		goto end;
@@ -151,7 +170,7 @@ int main(int argc, char **argv)
 
 #define RSA_TEST_MAXLINELEN	10240
 
-int rsa_test(BIO *err, BIO *out, BIO *in)
+int rsa_test(BIO *err, BIO *out, BIO *in, int Saltlen)
 	{
 	char *linebuf, *olinebuf, *p, *q;
 	char *keyword, *value;
@@ -267,7 +286,7 @@ int rsa_test(BIO *err, BIO *out, BIO *in)
 		if (n && e && Msg && S && dgst)
 			{
 			if (!rsa_printver(err, out, n, e, dgst,
-						Msg, Msglen, S, Slen))
+					Msg, Msglen, S, Slen, Saltlen))
 				goto error;
 			OPENSSL_free(Msg);
 			Msg = NULL;
@@ -306,13 +325,14 @@ static int rsa_printver(BIO *err, BIO *out,
 		BIGNUM *n, BIGNUM *e,
 		const EVP_MD *dgst,
 		unsigned char *Msg, long Msglen,
-		unsigned char *S, long Slen)
+		unsigned char *S, long Slen, int Saltlen)
 	{
 	int ret = 0, r;
 	/* Setup RSA and EVP_PKEY structures */
 	RSA *rsa_pubkey = NULL;
 	EVP_PKEY *pubkey = NULL;
 	EVP_MD_CTX ctx;
+	unsigned char *buf = NULL;
 	rsa_pubkey = RSA_new();
 	pubkey = EVP_PKEY_new();
 	if (!rsa_pubkey || !pubkey)
@@ -326,18 +346,63 @@ static int rsa_printver(BIO *err, BIO *out,
 
 	EVP_MD_CTX_init(&ctx);
 
-	if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
-		goto error;
-	if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
-		goto error;
+	if (Saltlen != -1)
+		{
+		int pad;
+		unsigned char mdtmp[EVP_MAX_MD_SIZE];
+		buf = OPENSSL_malloc(RSA_size(rsa_pubkey));
+		if (Saltlen == -2)
+			pad = RSA_X931_PADDING;
+		else
+			pad = RSA_NO_PADDING;
+		if (!buf)
+			goto error;
+		r = RSA_public_decrypt(Slen, S, buf, rsa_pubkey, pad);
 
-	r = EVP_VerifyFinal(&ctx, S, Slen, pubkey);
+		if (r > 0)
+			{
+			EVP_DigestInit_ex(&ctx, dgst, NULL);
+			if (!EVP_DigestUpdate(&ctx, Msg, Msglen))
+				goto error;
+			if (!EVP_DigestFinal_ex(&ctx, mdtmp, NULL))
+				goto error;
+			if (pad == RSA_X931_PADDING)
+				{
+				int mdlen = EVP_MD_size(dgst);
+				if (r != mdlen + 1)
+					r = 0;
+				else if (buf[mdlen] !=
+				    RSA_X931_hash_id(EVP_MD_type(dgst)))
+					r = 0;
+				else if (memcmp(buf, mdtmp, mdlen))
+					r = 0;
+				else
+					r = 1;
+				}
+			else
+				r = RSA_verify_PKCS1_PSS(rsa_pubkey,
+							mdtmp, dgst,
+							buf, Saltlen);
+			}
+		if (r < 0)
+			r = 0;
+		}
+	else
+		{
+
+		if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
+			goto error;
+		if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
+			goto error;
+
+		r = EVP_VerifyFinal(&ctx, S, Slen, pubkey);
+
+		}
 
 	EVP_MD_CTX_cleanup(&ctx);
 
 	if (r < 0)
 		goto error;
-
 	ERR_clear_error();
 
 	if (r == 0)
@@ -352,6 +417,8 @@ static int rsa_printver(BIO *err, BIO *out,
 		RSA_free(rsa_pubkey);
 	if (pubkey)
 		EVP_PKEY_free(pubkey);
+	if (buf)
+		OPENSSL_free(buf);
 
 	return ret;
 	}

fips/sha/Makefile

@@ -1,8 +1,8 @@
 #
-# SSLeay/fips/sha1/Makefile
+# SSLeay/fips/sha/Makefile
 #
 
-DIR=	sha1
+DIR=	sha
 TOP=	../..
 CC=	cc
 INCLUDES=
@@ -19,8 +19,8 @@ EXE_EXT=
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST= fips_sha1test.c
-TESTDATA= sha1vectors.txt sha1hashes.txt
+TEST= fips_shatest.c
+TESTDATA= SHAmix.req SHAmix.fax
 APPS=
 EXE= fips_standalone_sha1$(EXE_EXT)
 
@@ -72,17 +72,33 @@ tags:
 
 tests:
 
-top_fips_sha1test:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_sha1test sub_target)
+Q=../testvectors/sha/req
+A=../testvectors/sha/rsp
 
-fips_sha1test: fips_sha1test.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_sha1test fips_sha1test.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_sha1test
+VECTORS = SHA1LongMsg \
+	SHA1Monte \
+	SHA1ShortMsg \
+	SHA224LongMsg \
+	SHA224Monte \
+	SHA224ShortMsg \
+	SHA256LongMsg \
+	SHA256Monte \
+	SHA256ShortMsg \
+	SHA384LongMsg \
+	SHA384Monte \
+	SHA384ShortMsg \
+	SHA512LongMsg \
+	SHA512Monte \
+	SHA512ShortMsg
 
-fips_test: top_fips_sha1test
-	-rm -rf ../testvectors/sha1/rsp
-	mkdir ../testvectors/sha1/rsp
-	./fips_sha1test ../testvectors/sha1/req/sha.req  > ../testvectors/sha1/rsp/sha.rsp
+fips_test:
+	-rm -rf $(A)
+	mkdir $(A)
+	for file in $(VECTORS); do \
+	    if [ -f $(Q)/$$file.req ]; then \
+		$(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
+	    fi; \
+	done
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -116,15 +132,6 @@ fips_sha1dgst.o: ../../include/openssl/opensslv.h
 fips_sha1dgst.o: ../../include/openssl/safestack.h
 fips_sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 fips_sha1dgst.o: fips_sha1dgst.c
-fips_sha1test.o: ../../e_os.h ../../include/openssl/bio.h
-fips_sha1test.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-fips_sha1test.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-fips_sha1test.o: ../../include/openssl/fips_sha.h ../../include/openssl/lhash.h
-fips_sha1test.o: ../../include/openssl/opensslconf.h
-fips_sha1test.o: ../../include/openssl/opensslv.h
-fips_sha1test.o: ../../include/openssl/safestack.h
-fips_sha1test.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_sha1test.o: fips_sha1test.c
 fips_sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 fips_sha256.o: ../../include/openssl/fips.h ../../include/openssl/fips_sha.h
 fips_sha256.o: ../../include/openssl/opensslconf.h
@@ -138,6 +145,29 @@ fips_sha512.o: ../../include/openssl/opensslconf.h
 fips_sha512.o: ../../include/openssl/opensslv.h
 fips_sha512.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 fips_sha512.o: ../../include/openssl/symhacks.h fips_sha512.c
+fips_shatest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_shatest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+fips_shatest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_shatest.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+fips_shatest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_shatest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_shatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_shatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_shatest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+fips_shatest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+fips_shatest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+fips_shatest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_shatest.o: ../../include/openssl/opensslconf.h
+fips_shatest.o: ../../include/openssl/opensslv.h
+fips_shatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_shatest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_shatest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+fips_shatest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_shatest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_shatest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_shatest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_shatest.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+fips_shatest.o: fips_shatest.c
 fips_standalone_sha1.o: ../../include/openssl/aes.h
 fips_standalone_sha1.o: ../../include/openssl/asn1.h
 fips_standalone_sha1.o: ../../include/openssl/bio.h

fips/sha/fips_sha256.c

@@ -15,6 +15,8 @@
 #include <openssl/fips.h>
 #include <openssl/opensslv.h>
 
+#ifdef OPENSSL_FIPS
+
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
 
 int SHA224_Init (SHA256_CTX *c)
@@ -317,4 +319,7 @@ void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
 void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
 {   sha256_block (ctx,in,num,0);   }
 
+#endif
+
 #endif /* OPENSSL_NO_SHA256 */
+

fips/sha/fips_sha512.c

@@ -49,6 +49,8 @@
 #include <openssl/fips.h>
 #include <openssl/opensslv.h>
 
+#ifdef OPENSSL_FIPS
+
 const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
 
 #if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)
@@ -479,4 +481,7 @@ static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
 
 #endif /* SHA512_ASM */
 
+#endif
+
 #endif /* OPENSSL_NO_SHA512 */
+

fips/sha/fips_shatest.c

@@ -0,0 +1,399 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS SHAXXX support\n");
+    return(0);
+}
+
+#else
+
+static int dgst_test(BIO *err, BIO *out, BIO *in);
+static int print_dgst(BIO *err, const EVP_MD *md, BIO *out,
+		unsigned char *Msg, int Msglen);
+static int print_monte(BIO *err, const EVP_MD *md, BIO *out,
+		unsigned char *Seed, int SeedLen);
+
+int main(int argc, char **argv)
+	{
+	BIO *in = NULL, *out = NULL, *err = NULL;
+
+	int ret = 1;
+
+	ERR_load_crypto_strings();
+
+	err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!err)
+		{
+		fprintf(stderr, "FATAL stderr initialization error\n");
+		goto end;
+		}
+
+	if(!FIPS_mode_set(1,argv[0]))
+		{
+		ERR_print_errors(err);
+		goto end;
+		}
+
+	if (argc == 1)
+		in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	else
+		in = BIO_new_file(argv[1], "r");
+
+	if (argc < 2)
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	else
+		out = BIO_new_file(argv[2], "w");
+
+	if (!in)
+		{
+		BIO_printf(err, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!dgst_test(err, out, in))
+		{
+		fprintf(stderr, "FATAL digest file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (ret && err)
+		ERR_print_errors(err);
+
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free(out);
+	if (err)
+		BIO_free(err);
+
+	return ret;
+
+	}
+
+#define SHA_TEST_MAX_BITS	102400
+#define SHA_TEST_MAXLINELEN	(((SHA_TEST_MAX_BITS >> 3) * 2) + 10)
+
+int dgst_test(BIO *err, BIO *out, BIO *in)
+	{
+	const EVP_MD *md = NULL;
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	unsigned char *Msg = NULL, *Seed = NULL;
+	long MsgLen = -1, Len = -1, SeedLen = -1;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+
+	while (BIO_gets(in, olinebuf, SHA_TEST_MAXLINELEN) > 0)
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [L=20] line) just copy */
+		if (!p)
+			{
+			if (!BIO_puts(out, olinebuf))
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword,"[L") && *p==']')
+			{
+			switch (atoi(value))
+				{
+				case 20: md=EVP_sha1();   break;
+				case 28: md=EVP_sha224(); break;
+				case 32: md=EVP_sha256(); break;
+				case 48: md=EVP_sha384(); break;
+				case 64: md=EVP_sha512(); break;
+				default: goto parse_error;
+				}
+			}
+		else if (!strcmp(keyword, "Len"))
+			{
+			if (Len != -1)
+				goto parse_error;
+			Len = atoi(value);
+			if (Len < 0)
+				goto parse_error;
+			/* Only handle multiples of 8 bits */
+			if (Len & 0x7)
+				goto parse_error;
+			if (Len > SHA_TEST_MAX_BITS)
+				goto parse_error;
+			MsgLen = Len >> 3;
+			}
+
+		else if (!strcmp(keyword, "Msg"))
+			{
+			long tmplen;
+			if (strlen(value) & 1)
+				*(--value) = '0';
+			if (Msg)
+				goto parse_error;
+			Msg = string_to_hex(value, &tmplen);
+			if (!Msg)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Seed"))
+			{
+			if (strlen(value) & 1)
+				*(--value) = '0';
+			if (Seed)
+				goto parse_error;
+			Seed = string_to_hex(value, &SeedLen);
+			if (!Seed)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "MD"))
+			continue;
+		else
+			goto parse_error;
+
+		BIO_puts(out, olinebuf);
+
+		if (md && Msg && (MsgLen >= 0))
+			{
+			if (!print_dgst(err, md, out, Msg, MsgLen))
+				goto error;
+			OPENSSL_free(Msg);
+			Msg = NULL;
+			MsgLen = -1;
+			Len = -1;
+			}
+		else if (md && Seed && (SeedLen > 0))
+			{
+			if (!print_monte(err, md, out, Seed, SeedLen))
+				goto error;
+			OPENSSL_free(Seed);
+			Seed = NULL;
+			SeedLen = -1;
+			}
+	
+
+		}
+
+
+	ret = 1;
+
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	if (Msg)
+		OPENSSL_free(Msg);
+	if (Seed)
+		OPENSSL_free(Seed);
+
+	return ret;
+
+	parse_error:
+
+	BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int print_dgst(BIO *err, const EVP_MD *emd, BIO *out,
+		unsigned char *Msg, int Msglen)
+	{
+	int i, mdlen;
+	unsigned char md[EVP_MAX_MD_SIZE];
+	if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
+		{
+		BIO_puts(err, "Error calculating HASH\n");
+		return 0;
+		}
+	BIO_puts(out, "MD = ");
+	for (i = 0; i < mdlen; i++)
+		BIO_printf(out, "%02x", md[i]);
+	BIO_puts(out, "\n");
+	return 1;
+	}
+
+static int print_monte(BIO *err, const EVP_MD *md, BIO *out,
+		unsigned char *Seed, int SeedLen)
+	{
+	unsigned int i, j, k;
+	int ret = 0;
+	EVP_MD_CTX ctx;
+	unsigned char *m1, *m2, *m3, *p;
+	unsigned int mlen, m1len, m2len, m3len;
+
+	EVP_MD_CTX_init(&ctx);
+
+	if (SeedLen > EVP_MAX_MD_SIZE)
+		mlen = SeedLen;
+	else
+		mlen = EVP_MAX_MD_SIZE;
+
+	m1 = OPENSSL_malloc(mlen);
+	m2 = OPENSSL_malloc(mlen);
+	m3 = OPENSSL_malloc(mlen);
+
+	if (!m1 || !m2 || !m3)
+		goto mc_error;
+
+	m1len = m2len = m3len = SeedLen;
+	memcpy(m1, Seed, SeedLen);
+	memcpy(m2, Seed, SeedLen);
+	memcpy(m3, Seed, SeedLen);
+
+	BIO_puts(out, "\n");
+
+	for (j = 0; j < 100; j++)
+		{
+		for (i = 0; i < 1000; i++)
+			{
+			EVP_DigestInit_ex(&ctx, md, NULL);
+			EVP_DigestUpdate(&ctx, m1, m1len);
+			EVP_DigestUpdate(&ctx, m2, m2len);
+			EVP_DigestUpdate(&ctx, m3, m3len);
+			p = m1;
+			m1 = m2;
+			m1len = m2len;
+			m2 = m3;
+			m2len = m3len;
+			m3 = p;
+			EVP_DigestFinal_ex(&ctx, m3, &m3len);
+			}
+		BIO_printf(out, "COUNT = %d\n", j);
+		BIO_puts(out, "MD = ");
+		for (k = 0; k < m3len; k++)
+			BIO_printf(out, "%02x", m3[k]);
+		BIO_puts(out, "\n\n");
+		memcpy(m1, m3, m3len);
+		memcpy(m2, m3, m3len);
+		m1len = m2len = m3len;
+		}
+
+	ret = 1;
+
+	mc_error:
+	if (m1)
+		OPENSSL_free(m1);
+	if (m2)
+		OPENSSL_free(m2);
+	if (m3)
+		OPENSSL_free(m3);
+
+	EVP_MD_CTX_cleanup(&ctx);
+
+	return ret;
+	}
+
+#endif

fips/sha/fips_standalone_sha1.c

@@ -104,7 +104,7 @@ int main(int argc,char **argv)
     {
 #ifdef OPENSSL_FIPS
     static char key[]="etaonrishdlcupfm";
-    int n;
+    int n,binary=0;
 
     if(argc < 2)
 	{
@@ -112,7 +112,14 @@ int main(int argc,char **argv)
 	exit(1);
 	}
 
-    for(n=1 ; n < argc ; ++n)
+    n=1;
+    if (!strcmp(argv[n],"-binary"))
+	{
+	n++;
+	binary=1;	/* emit binary fingerprint... */
+	}
+
+    for(; n < argc ; ++n)
 	{
 	FILE *f=fopen(argv[n],"rb");
 	SHA_CTX md_ctx,o_ctx;
@@ -145,6 +152,12 @@ int main(int argc,char **argv)
 	    }
 	hmac_final(md,&md_ctx,&o_ctx);
 
+	if (binary)
+	    {
+	    fwrite(md,20,1,stdout);
+	    break;	/* ... for single(!) file */
+	    }
+
 	printf("HMAC-SHA1(%s)= ",argv[n]);
 	for(i=0 ; i < 20 ; ++i)
 	    printf("%02x",md[i]);

fips/sha1/fips_sha1test.c

@@ -1,151 +0,0 @@
-#include <stdio.h>
-#include <assert.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/fips_sha.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-
-#ifndef OPENSSL_FIPS
-int main(int argc, char *argv[])
-{
-    printf("No FIPS SHA1 support\n");
-    return(0);
-}
-#else
-
-#define MAX_TEST_BITS 103432
-
-static void dump(const unsigned char *b,int n)
-    {
-    while(n-- > 0)
-	printf("%02X",*b++);
-    }
-
-static void bitfill(unsigned char *buf,int bit,int b,int n)
-    {
-    for( ; n > 0 ; --n,++bit)
-	{
-	assert(bit < MAX_TEST_BITS);
-	buf[bit/8]|=b << (7-bit%8);
-	}
-    }
-
-void montecarlo(unsigned char *seed,int n)
-    {
-    int i,j;
-    unsigned char m[10240];
-
-    memcpy(m,seed,n);
-    for(j=0 ; j < 100 ; ++j)
-	{
-	for(i=1 ; i <= 50000 ; ++i)
-	    {
-	    memset(m+n,'\0',j/4+3);
-	    n+=j/4+3;
-	    m[n++]=i >> 24;
-	    m[n++]=i >> 16;
-	    m[n++]=i >> 8;
-	    m[n++]=i;
-/*  	    putchar(' '); */
-/*  	    dump(m,bit/8); */
-/*  	    putchar('\n'); */
-	    SHA1(m,n,m);
-	    n=20;
-	    }
-	dump(m,20);
-	puts(" ^");
-	}
-    }
-
-int main(int argc,char **argv)
-    {
-    FILE *fp;
-    int phase;
-
-    if(argc != 2)
-	{
-	fprintf(stderr,"%s <test vector file>\n",argv[0]);
-	EXIT(1);
-	}
-
-    if(!FIPS_mode_set(1,argv[0]))
-	{
-	ERR_load_crypto_strings();
-	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-	EXIT(1);
-	}
-    fp=fopen(argv[1],"r");
-    if(!fp)
-	{
-	perror(argv[1]);
-	EXIT(2);
-	}
-
-    for(phase=0 ; ; )
-	{
-	unsigned char buf[MAX_TEST_BITS/8];
-	unsigned char md[20];
-	char line[10240];
-	int n,t,b,bit;
-	char *p;
-
-	fgets(line,1024,fp);
-	if(feof(fp))
-	    break;
-	n=strlen(line);
-	line[n-1]='\0';
-	if(!strcmp(line,"D>"))
-	    ++phase;
-
-	if(!isdigit(line[0]))
-	    {
-	    puts(line);
-	    continue;
-	    }
-	for( ; ; )
-	    {
-	    assert(n > 1);
-	    if(line[n-2] == '^')
-		break;
-	    fgets(line+n-1,sizeof(line)-n+1,fp);
-	    n=strlen(line);
-	    /*	    printf("line=%s\n",line); */
-	    assert(!feof(fp));
-	    }
-
-	p=strtok(line," ");
-	t=atoi(p);
-	p=strtok(NULL," ");
-	b=atoi(p);
-	memset(buf,'\0',sizeof buf);
-	for(bit=0,p=strtok(NULL," ") ; p && *p != '^' ; p=strtok(NULL," "))
-	    {
-	    assert(t-- > 0);
-	    bitfill(buf,bit,b,atoi(p));
-	    bit+=atoi(p);
-	    b=1-b;
-	    }
-	assert(t == 0);
-	assert((bit%8) == 0);
-	/*	dump(buf,bit/8); */
-	/*	putchar('\n'); */
-	if(phase < 3)
-	    {
-	    SHA1(buf,bit/8,md);
-	    dump(md,20);
-	    puts(" ^");
-	    }
-	else
-	    montecarlo(buf,bit/8);
-	}
-    EXIT(0);
-    return(0);
-    }
-#endif

fips/sha1/sha1hashes.txt

@@ -1,342 +0,0 @@
-#  Configuration information for "SHA-1 Test"
-#  SHA tests are configured for BYTE oriented implementations
-H>SHS Type 1 Hashes<H
-D>
-DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 ^
-3CDF2936DA2FC556BFA533AB1EB59CE710AC80E5 ^
-19C1E2048FA7393CFBF2D310AD8209EC11D996E5 ^
-CA775D8C80FAA6F87FA62BECA6CA6089D63B56E5 ^
-71AC973D0E4B50AE9E5043FF4D615381120A25A0 ^
-A6B5B9F854CFB76701C3BDDBF374B3094EA49CBA ^
-D87A0EE74E4B9AD72E6847C87BDEEB3D07844380 ^
-1976B8DD509FE66BF09C9A8D33534D4EF4F63BFD ^
-5A78F439B6DB845BB8A558E4CEB106CD7B7FF783 ^
-F871BCE62436C1E280357416695EE2EF9B83695C ^
-62B243D1B780E1D31CF1BA2DE3F01C72AEEA0E47 ^
-1698994A273404848E56E7FDA4457B5900DE1342 ^
-056F4CDC02791DA7ED1EB2303314F7667518DEEF ^
-9FE2DA967BD8441EEA1C32DF68DDAA9DC1FC8E4B ^
-73A31777B4ACE9384EFA8BBEAD45C51A71ABA6DD ^
-3F9D7C4E2384EDDABFF5DD8A31E23DE3D03F42AC ^
-4814908F72B93FFD011135BEE347DE9A08DA838F ^
-0978374B67A412A3102C5AA0B10E1A6596FC68EB ^
-44AD6CB618BD935460D46D3F921D87B99AB91C1E ^
-02DC989AF265B09CF8485640842128DCF95E9F39 ^
-67507B8D497B35D6E99FC01976D73F54AECA75CF ^
-1EAE0373C1317CB60C36A42A867B716039D441F5 ^
-9C3834589E5BFFAC9F50950E0199B3EC2620BEC8 ^
-209F7ABC7F3B878EE46CDF3A1FBB9C21C3474F32 ^
-05FC054B00D97753A9B3E2DA8FBBA3EE808CEF22 ^
-0C4980EA3A46C757DFBFC5BAA38AC6C8E72DDCE7 ^
-96A460D2972D276928B69864445BEA353BDCFFD2 ^
-F3EF04D8FA8C6FA9850F394A4554C080956FA64B ^
-F2A31D875D1D7B30874D416C4D2EA6BAF0FFBAFE ^
-F4942D3B9E9588DCFDC6312A84DF75D05F111C20 ^
-310207DF35B014E4676D30806FA34424813734DD ^
-4DA1955B2FA7C7E74E3F47D7360CE530BBF57CA3 ^
-74C4BC5B26FB4A08602D40CCEC6C6161B6C11478 ^
-0B103CE297338DFC7395F7715EE47539B556DDB6 ^
-EFC72D99E3D2311CE14190C0B726BDC68F4B0821 ^
-660EDAC0A8F4CE33DA0D8DBAE597650E97687250 ^
-FE0A55A988B3B93946A63EB36B23785A5E6EFC3E ^
-0CBDF2A5781C59F907513147A0DE3CC774B54BF3 ^
-663E40FEE5A44BFCB1C99EA5935A6B5BC9F583B0 ^
-00162134256952DD9AE6B51EFB159B35C3C138C7 ^
-CEB88E4736E354416E2010FC1061B3B53B81664B ^
-A6A2C4B6BCC41DDC67278F3DF4D8D0B9DD7784EF ^
-C23D083CD8820B57800A869F5F261D45E02DC55D ^
-E8AC31927B78DDEC41A31CA7A44EB7177165E7AB ^
-E864EC5DBAB0F9FF6984AB6AD43A8C9B81CC9F9C ^
-CFED6269069417A84D6DE2347220F4B858BCD530 ^
-D9217BFB46C96348722C3783D29D4B1A3FEDA38C ^
-DEC24E5554F79697218D317315FA986229CE3350 ^
-83A099DF7071437BA5495A5B0BFBFEFE1C0EF7F3 ^
-AA3198E30891A83E33CE3BFA0587D86A197D4F80 ^
-9B6ACBEB4989CBEE7015C7D515A75672FFDE3442 ^
-B021EB08A436B02658EAA7BA3C88D49F1219C035 ^
-CAE36DAB8AEA29F62E0855D9CB3CD8E7D39094B1 ^
-02DE8BA699F3C1B0CB5AD89A01F2346E630459D7 ^
-88021458847DD39B4495368F7254941859FAD44B ^
-91A165295C666FE85C2ADBC5A10329DAF0CB81A0 ^
-4B31312EAF8B506811151A9DBD162961F7548C4B ^
-3FE70971B20558F7E9BAC303ED2BC14BDE659A62 ^
-93FB769D5BF49D6C563685954E2AECC024DC02D6 ^
-BC8827C3E614D515E83DEA503989DEA4FDA6EA13 ^
-E83868DBE4A389AB48E61CFC4ED894F32AE112AC ^
-55C95459CDE4B33791B4B2BCAAF840930AF3F3BD ^
-36BB0E2BA438A3E03214D9ED2B28A4D5C578FCAA ^
-3ACBF874199763EBA20F3789DFC59572ACA4CF33 ^
-86BE037C4D509C9202020767D860DAB039CADACE ^
-51B57D7080A87394EEC3EB2E0B242E553F2827C9 ^
-1EFBFA78866315CE6A71E457F3A750A38FACAB41 ^
-57D6CB41AEEC20236F365B3A490C61D0CFA39611 ^
-C532CB64B4BA826372BCCF2B4B5793D5B88BB715 ^
-15833B5631032663E783686A209C6A2B47A1080E ^
-D04F2043C96E10CD83B574B1E1C217052CD4A6B2 ^
-E8882627C64DB743F7DB8B4413DD033FC63BEB20 ^
-CD2D32286B8867BC124A0AF2236FC74BE3622199 ^
-019B70D745375091ED5C7B218445EC986D0F5A82 ^
-E5FF5FEC1DADBAED02BF2DAD4026BE6A96B3F2AF ^
-6F4E23B3F2E2C068D13921FE4E5E053FFED4E146 ^
-25E179602A575C915067566FBA6DA930E97F8678 ^
-67DED0E68E235C8A523E051E86108EEB757EFBFD ^
-AF78536EA83C822796745556D62A3EE82C7BE098 ^
-64D7AC52E47834BE72455F6C64325F9C358B610D ^
-9D4866BAA3639C13E541F250FFA3D8BC157A491F ^
-2E258811961D3EB876F30E7019241A01F9517BEC ^
-8E0EBC487146F83BC9077A1630E0FB3AB3C89E63 ^
-CE8953741FFF3425D2311FBBF4AB481B669DEF70 ^
-789D1D2DAB52086BD90C0E137E2515ED9C6B59B5 ^
-B76CE7472700DD68D6328B7AA8437FB051D15745 ^
-F218669B596C5FFB0B1C14BD03C467FC873230A0 ^
-1FF3BDBE0D504CB0CDFAB17E6C37ABA6B3CFFDED ^
-2F3CBACBB14405A4652ED52793C1814FD8C4FCE0 ^
-982C8AB6CE164F481915AF59AAED9FFF2A391752 ^
-5CD92012D488A07ECE0E47901D0E083B6BD93E3F ^
-69603FEC02920851D4B3B8782E07B92BB2963009 ^
-3E90F76437B1EA44CF98A08D83EA24CECF6E6191 ^
-34C09F107C42D990EB4881D4BF2DDDCAB01563AE ^
-474BE0E5892EB2382109BFC5E3C8249A9283B03D ^
-A04B4F75051786682483252438F6A75BF4705EC6 ^
-BE88A6716083EB50ED9416719D6A247661299383 ^
-C67E38717FEE1A5F65EC6C7C7C42AFC00CD37F04 ^
-959AC4082388E19E9BE5DE571C047EF10C174A8D ^
-BAA7AA7B7753FA0ABDC4A541842B5D238D949F0A ^
-351394DCEBC08155D100FCD488578E6AE71D0E9C ^
-AB8BE94C5AF60D9477EF1252D604E58E27B2A9EE ^
-3429EC74A695FDD3228F152564952308AFE0680A ^
-907FA46C029BC67EAA8E4F46E3C2A232F85BD122 ^
-2644C87D1FBBBC0FC8D65F64BCA2492DA15BAAE4 ^
-110A3EEB408756E2E81ABAF4C5DCD4D4C6AFCF6D ^
-CD4FDC35FAC7E1ADB5DE40F47F256EF74D584959 ^
-8E6E273208AC256F9ECCF296F3F5A37BC8A0F9F7 ^
-FE0606100BDBC268DB39B503E0FDFE3766185828 ^
-6C63C3E58047BCDB35A17F74EEBA4E9B14420809 ^
-BCC2BD305F0BCDA8CF2D478EF9FE080486CB265F ^
-CE5223FD3DD920A3B666481D5625B16457DCB5E8 ^
-948886776E42E4F5FAE1B2D0C906AC3759E3F8B0 ^
-4C12A51FCFE242F832E3D7329304B11B75161EFB ^
-C54BDD2050504D92F551D378AD5FC72C9ED03932 ^
-8F53E8FA79EA09FD1B682AF5ED1515ECA965604C ^
-2D7E17F6294524CE78B33EAB72CDD08E5FF6E313 ^
-64582B4B57F782C9302BFE7D07F74AA176627A3A ^
-6D88795B71D3E386BBD1EB830FB9F161BA98869F ^
-86AD34A6463F12CEE6DE9596ABA72F0DF1397FD1 ^
-7EB46685A57C0D466152DC339C8122548C757ED1 ^
-E7A98FB0692684054407CC221ABC60C199D6F52A ^
-34DF1306662206FD0A5FC2969A4BEEC4EB0197F7 ^
-56CF7EBF08D10F0CB9FE7EE3B63A5C3A02BCB450 ^
-3BAE5CB8226642088DA760A6F78B0CF8EDDEA9F1 ^
-6475DF681E061FA506672C27CBABFA9AA6DDFF62 ^
-79D81991FA4E4957C8062753439DBFD47BBB277D ^
-BAE224477B20302E881F5249F52EC6C34DA8ECEF ^
-EDE4DEB4293CFE4138C2C056B7C46FF821CC0ACC ^
-<D
-
-H>SHS Type 2 Hashes<H
-D>
-A771FA5C812BD0C9596D869EC99E4F4AC988B13F ^
-E99D566212BBBCEEE903946F6100C9C96039A8F4 ^
-B48CE6B1D13903E3925AE0C88CB931388C013F9C ^
-E647D5BAF670D4BF3AFC0A6B72A2424B0C64F194 ^
-65C1CD932A06B05CD0B43AFB3BC7891F6BCEF45C ^
-70FFAE353A5CD0F8A65A8B2746D0F16281B25EC7 ^
-CC8221F2B829B8CF39646BF46888317C3EB378EA ^
-26ACCC2D6D51FF7BF3E5895588907765111BB69B ^
-01072915B8E868D9B28E759CF2BC1AEA4BB92165 ^
-3016115711D74236ADF0C371E47992F87A428598 ^
-BF30417999C1368F008C1F19FECA4D18A5E1C3C9 ^
-62BA49087185F2742C26E1C1F4844112178BF673 ^
-E1F6B9536F384DD3098285BBFD495A474140DC5A ^
-B522DAE1D67726EBA7C4136D4E2F6D6D645AC43E ^
-E9A021C3EB0B9F2C710554D4BF21B19F78E09478 ^
-DF13573188F3BF705E697A3E1F580145F2183377 ^
-188835CFE52ECFA0C4135C2825F245DC29973970 ^
-41B615A34EE2CEC9D84A91B141CFAB115821950B ^
-AB3DD6221D2AFE6613B815DA1C389EEC74AA0337 ^
-0706D414B4AA7FB4A9051AA70D6856A7264054FB ^
-3CBF8151F3A00B1D5A809CBB8C4F3135055A6BD1 ^
-DA5D6A0319272BBCCEA63ACFA6799756FFDA6840 ^
-FB4429C95F6277B346D3B389413758DFFFEEDC98 ^
-2C6E30D9C895B42DCCCFC84C906EC88C09B20DE1 ^
-3DE3189A5E19F225CDCE254DFF23DACD22C61363 ^
-93530A9BC9A817F6922518A73A1505C411D05DA2 ^
-E31354345F832D31E05C1B842D405D4BD4588EC8 ^
-3FF76957E80B60CF74D015AD431FCA147B3AF232 ^
-34AE3B806BE143A84DCE82E4B830EB7D3D2BAC69 ^
-D7447E53D66BB5E4C26E8B41F83EFD107BF4ADDA ^
-77DD2A4482705BC2E9DC96EC0A13395771AC850C ^
-EAA1465DB1F59DE3F25EB8629602B568E693BB57 ^
-9329D5B40E0DC43AA25FED69A0FA9C211A948411 ^
-E94C0B6AA62AA08C625FAF817DDF8F51EC645273 ^
-7FF02B909D82AD668E31E547E0FB66CB8E213771 ^
-5BB3570858FA1744123BAC2873B0BB9810F53FA1 ^
-905F43940B3591CE39D1145ACB1ECA80AB5E43CD ^
-336C79FBD82F33E490C577E3F791C3CBFE842AFF ^
-5C6D07A6B44F7A75A64F6CE592F3BAE91E022210 ^
-7E0D3E9D33127F4A30EB8D9C134A58409FA8695B ^
-9A5F50DFCFB19286206C229019F0ABF25283028C ^
-DCA737E269F9D8626D488988C996E06B352C0708 ^
-B8FFC1D4972FCE63241E0E77850AC46DDE75DBFA ^
-E9C9BF41C8549354151B977003CE1D830BE667DB ^
-0942908960B54F96CB43452E583F4F9CB66E398A ^
-FCE34051C34D4B81B85DDC4B543CDE8007E284B3 ^
-61E8916532503627F4024D13884640A46F1D61D4 ^
-F008D5D7853B6A17B7466CD9E18BD135E520FAF4 ^
-BD8D2E873CF659B5C77AAC1616827EF8A3B1A3B3 ^
-B25A04DD425302ED211A1C2412D2410FA10C63B6 ^
-A404E21588123E0893718B4B44E91414A785B91F ^
-A1E13BC55BF6DAD83CF3AABDA3287AD68681EA64 ^
-D5FD35FFABED6733C92365929DF0FB4CAE864D15 ^
-C12E9C280EE9C079E0506FF89F9B20536E0A83EF ^
-E22769DC00748A9BBD6C05BBC8E81F2CD1DC4E2D ^
-F29835A93475740E888E8C14318F3CA45A3C8606 ^
-1A1D77C6D0F97C4B620FAA90F3F8644408E4B13D ^
-4EC84870E9BDD25F523C6DFB6EDD605052CA4EAA ^
-D689513FED08B80C39B67371959BC4E3FECB0537 ^
-C4FED58F209FC3C34AD19F86A6DACADC86C04D33 ^
-051888C6D00029C176DE792B84DECE2DC1C74B00 ^
-1A3540BEE05518505827954F58B751C475AEECE0 ^
-DFA19180359D5A7A38E842F172359CAF4208FC05 ^
-7B0FA84EBBCFF7D7F4500F73D79660C4A3431B67 ^
-9E886081C9ACAAD0F97B10810D1DE6FCDCE6B5F4 ^
-A4D46E4BA0AE4B012F75B1B50D0534D578AE9CB6 ^
-6342B199EE64C7B2C9CBCD4F2DCB65ACEF51516F ^
-AABFD63688EB678357869130083E1B52F6EA861D ^
-F732B7372DAF44801F81EFFE3108726239837936 ^
-5E9347FE4574CDCB80281ED092191199BADD7B42 ^
-D5776B7DFFF75C1358ABDBBB3F27A20BB6CA7C55 ^
-022B7ADA472FB7A9DA9219621C9C5F563D3792F6 ^
-7F1DE4ECA20362DA624653D225A5B3F7964A9FF2 ^
-CA0F2B1BFB4469C11ED006A994734F0F2F5EFD17 ^
-833D63F5C2EA0CD43EC15F2B9DD97FF12B030479 ^
-14FD356190416C00592B86FF7CA50B622F85593A ^
-4AB6B57EDDEF1CE935622F935C1619AE7C1667D6 ^
-B456A6A968ACD66CAA974F96A9A916E700AA3C5D ^
-FD1C257FE046B2A27E2F0CD55ED2DECA845F01D7 ^
-66E0D01780F1063E2929EAAD74826BC64060E38C ^
-A8478DF406F179FD4EF97F4574D7F99EA1CE9EB8 ^
-248E58CF09A372114FC2F93B09C5FC14F3D0059E ^
-F15767DE91796A6816977EFA4FCED4B7FD9B8A57 ^
-36A6BC5E680E15675D9696338C88B36248BBBAF4 ^
-4DEA6251B2A6DF017A8093AB066EE3863A4EC369 ^
-D30E70E357D57E3D82CA554B8A3D58DFF528FA94 ^
-70CA84D827F7FD61446233F88CF2F990B0F3E2AA ^
-8D500C9CFDE0288530A2106B70BED39326C52C3C ^
-F3D4D139EDFC24596377BC97A96FB7621F27FFC7 ^
-5509BAFFAC6D507860CEFC5AB5832CB63CD4B687 ^
-0C0AEA0C2FD7A620C77866B1A177481E26B4F592 ^
-149176007FEE58A591E3F00F8DB658B605F8390C ^
-17C0D7B0256159F3626786FFDB20237AE154FA84 ^
-741A58618ABEB1D983D67AFDCBC49AA397A3B8E0 ^
-B738D6B3409EB9ED2F1719B84D13F7C36169CDEC ^
-3D33DE31F64055D3B128AC9A6AA3F92DFD4F5330 ^
-B6925F4DF94949B8844C867428BA3DEDF4CF2B51 ^
-CF5E7256292ABEC431D8E8B9CBEAF22AF072377E ^
-975DCE94902923977F129C0E4ACF40AD28DDB9AA ^
-333B0259B18CE64D6B52CF563DD3041E5F63A516 ^
-<D
-
-H>SHS Type 3 Hashes<H
-D>
-80E044703A880C20EC41F645120A8A5B5D194ECE ^
-E142829CA08FC9787F17AA16CE727396169B2713 ^
-6A2BAF62469D311F9257A0727F52C7EAA87CCEB4 ^
-362E3E7136CA611D7FBF687D3BBDC54CDA64843F ^
-F5900ADC6223A5D24A7526ABFC60FA8E2D59A5AB ^
-AD0CAC6A21D5B10833DDE7FA85927D74EDA142A9 ^
-47AD337EAFFDC177AAF7CBD035BE6F398B9D0536 ^
-9CF58595DF80872535BCC7C056E223546F0BB4EE ^
-7151CEB1918278CED2902B1D663D596F8D1B986F ^
-ADDC9F09AA4026EF6C4B7F1A84D3A13B4CDC65B3 ^
-921FE78A863A317B1FA1FB3CA3BE1948DE7EF754 ^
-64BE10732D71D52CE8A486DA23E6B453DF7C6FBD ^
-4A450659470DD759ABFAE1D73972A6D2E63AC16C ^
-0D665E4BBF30B7EAB955BDE84759E185EECAB4CB ^
-0C1B8EE94D61CDD0837EAED9FE33DE4A8334B596 ^
-D93BFE2A6227A4BF9B7C61EBCE4A8CDE131593FE ^
-BDA883F804B470C90BD6AC490DFC34EBC27F9648 ^
-46A0969373552213632591C52030C38E5DBDC49E ^
-4781289E48B910C550DC23CA7D3AF5324C03532D ^
-693A34CFCDDED0F3AC72E7197FCE9BB66A8E3981 ^
-AE088AF1D8865140963B3ABFB63E32E04CD1506F ^
-ADF0F8F1D85CA97586F5DC6DC5FD11FA39270F55 ^
-E484F5AD86C5F4D09E366ADF6E0DE73449F97B28 ^
-81C49842BA3D7072FB42288E03CE737A2672C091 ^
-F6CC71AD897C23A16835490DED289BFD45500AB0 ^
-23E71AED62FE8E28F34F58E7FE5594EC5EB0486C ^
-92BA7934AA5867EE52960F4E0EDFB90AA7B69305 ^
-C3D1CC8CBD1B6FFEE0D90CE962CD9C09AB1548AA ^
-3CE37A583B71A6A77BE325066A0F00C5D11DFC3E ^
-76EF5D236E1042D356A3234A422C092F86003064 ^
-8C3F703436C6C882E60263540A8E4C3E5646DC15 ^
-6138F9F3AB43B988DD3857422CCB304352459F40 ^
-B812DE98775B4690B4FC2ECFCAB61C73C7271DC7 ^
-06660985CD80D48E7B9F88455B4233924C3B64BB ^
-76AB4B6378D6F63499A94EB67EB1CB31AFF8D775 ^
-F31F6B0BE7AB059A1F59A46481967E88392979E6 ^
-0C1638498FBB7DB9600B98B4B22EF85E0FE245FB ^
-5607C6AF600939736795AC523FA43B736F41A118 ^
-8A03244866BDD21B9D8A82E98436C894FAD86ECC ^
-8A75BFD911AF87303B9B8FB7A1A47CCA52D3D98A ^
-16F0F3B5D37411236A1E3D6B1EDAB74CDA25ED4B ^
-AC72BF45477481F58A302628DC5299FFA32E7C9F ^
-74CFFD5881F75AC20726E1447DCF7F47024380EF ^
-5BFBECEECBC27DA05729C4D1AC8C1286EA6DCEC9 ^
-012AACBC0579FA4CB4F107E9A9AD1A86AD2F6A4D ^
-F7D552CBC5EF90F1A579388B5A8A9EC71EB67681 ^
-10C70115C4C34753274BFED477DF01440A67A361 ^
-078D2FACD293B6B6219D89899C16AA1AA8E3DE82 ^
-83C6BF9FB0D3091ADF374EBFA0A69916F17E6D26 ^
-2CDB1924DA62AB64C007C6505FF657E4ADDEA9C1 ^
-E95D209BCB9864B076FF4DFCA8F8BD75D62D1B48 ^
-632824CF5025F8F90AD2923BDDF449550D64C0F5 ^
-02B1C0B41FC27EC5A32E586F1AC480BF0061E56A ^
-28156BC6769AE390BF32C6512C46169181E1536D ^
-F730E6E287D992E7F3E013B6F1E088F0B9C41598 ^
-B056A6A832FA5FE964EF77FF3E0BE1C32E0D58C0 ^
-D5B3D19AFBB48FB56BA6D44A82DE6BD08DB208DE ^
-0215AD79BD6B8023C05FD2F8966211897DF6337A ^
-EC4CF38C244EB6526A44F70570925247145DA8CA ^
-C0D931262ECE93DA5A6ABC89CD6AD3162EA6B09E ^
-6BB48FAC26AA2B4859BBDEFCFB53AE4D1D9A0340 ^
-58611D43741E67A7F0DA9CB337A59DCD1EBE758E ^
-7C2AEC216AF231509E47B7EED06BB17859812B7E ^
-F60EE5DBF4A7A676EC98B3DDB1CDD6CDF3CDA33B ^
-0492E59B1F4C94E97F29A26C3EE7D57E1B0FDD72 ^
-4FCF549D902D9BE1101A756DB9E45415FB61BCD2 ^
-95C71D26AD6B38CC771376B4A4F962F12E1E3D4F ^
-F6A2449E773C72FB886B3C43E2B30EC2A1B7454A ^
-CDE86695E00AEC9A5DB6FDDB5D5A5934448D58E0 ^
-502318A758FABFF6AC53844E9E2BCD159C678510 ^
-589D295148F95F75DAE964DD743FE981FA236D4E ^
-7973DD33AE3599A556BACC77E8656E782E029EFF ^
-9F5BE43AADD43C6DB3883C9DA4B52E1A50257AEE ^
-454289D8FFB237A56D5214EAE88F0A9D328FEA1A ^
-7E686B36595BEB4C0D4528FF960EDB55088A028D ^
-F9789D1EF19A0084AC0E9F43A4BC0EE0478939EF ^
-2F32B0E7CC8BE19C325545C816E77056D7BBE70F ^
-6B1617746F073CFCD2CEBCAFBBE6FD0E28ED2D56 ^
-CF8D2EA3888AD76761799383E5A15979F6DB7A88 ^
-557AF6D9D5947203C60E98C9A79B92B8BD085E2B ^
-C61A217423DE68ED6CD34C91756C8DD3A650A2A2 ^
-73F3F79C151B6C1BD9369EDB26B932C2362B0593 ^
-364141E5FBCDE83F210C5BBBEB6810F6299DE14B ^
-F806BECD025D264FD59E93D9E3606A674C40F216 ^
-E0C761A57F00CBFB07D49BCB034C36A7122F4C5B ^
-5D3831044B9E0032FBE3C3425FFD13698F413B33 ^
-7EB1AB41E9997753C5D530DF118E71E72D7B86FC ^
-CC053EA1556269D7E8BCBA30B208FCBF0EE2EE64 ^
-A57739B1DD41E7DC0C40D6B6159A7E73CE2748AA ^
-90DA527C9DB9ACC2FD530D560A2F1191A80D0567 ^
-6AC1F2A0B8CA0E5ABC9FDF1ADCE588FBDF5CC53E ^
-43C1A0A0EE4163EC929726989F92B03639B233AB ^
-8927F299462413AC29A74080E54D8EE2DB7165E7 ^
-0C8D7E22226D91B423E781B508F31517EAAB607B ^
-7286E20D7F08D18A893254FBD3CC833F7973DCAF ^
-0CB8C235928B8E936C43B8F29EF3758B9FD54A7B ^
-F67C24CC23E440CA3F206CEEB5504ECA54CD5CA3 ^
-D78A25DEAA1E7ADADDB3C145ED0E5263BA4F2910 ^
-00AA68174D29492C578AC853FFCD55908292D41A ^
-D5570EEDB09A62A5948F7F311F7ED5EF247F9AD9 ^
-<D

makevms.com

@@ -482,14 +482,16 @@ $ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
 $!
 $! Copy All The ".H" Files From The [.FIPS] Directories.
 $!
-$ FDIRS := ,SHA1,RAND,DES,AES,DSA,RSA
+$ FDIRS := ,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC
 $ EXHEADER_ := fips.h
-$ EXHEADER_SHA1 := fips_sha.h
+$ EXHEADER_SHA := fips_sha.h
 $ EXHEADER_RAND := fips_rand.h
 $ EXHEADER_DES :=
 $ EXHEADER_AES :=
 $ EXHEADER_DSA :=
 $ EXHEADER_RSA :=
+$ EXHEADER_DH :=
+$ EXHEADER_HMAC :=
 $
 $ I = 0
 $ LOOP_FDIRS: 

openssl.spec

@@ -2,7 +2,7 @@
 %define libmin 9
 %define librel 7
 %define librev g
-Release: 1
+Release: 2
 
 %define openssldir /var/ssl
 
@@ -121,7 +121,6 @@ rm -rf $RPM_BUILD_ROOT
 
 %config %attr(0644,root,root) %{openssldir}/openssl.cnf 
 %dir %attr(0755,root,root) %{openssldir}/certs
-%dir %attr(0755,root,root) %{openssldir}/lib
 %dir %attr(0755,root,root) %{openssldir}/misc
 %dir %attr(0750,root,root) %{openssldir}/private
 
@@ -146,6 +145,8 @@ ldconfig
 ldconfig
 
 %changelog
+* Sun Jun  6 2005 Richard Levitte <richard@levitte.org>
+- Remove the incorrect installation of '%{openssldir}/lib'.
 * Wed May  7 2003 Richard Levitte <richard@levitte.org>
 - Add /usr/lib/pkgconfig/openssl.pc to the development section.
 * Thu Mar 22 2001 Richard Levitte <richard@levitte.org>

ssl/ssl-lib.com

@@ -749,7 +749,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4'"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!

ssl/ssl_cert.c

@@ -616,14 +616,13 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 	BIO *in;
 	X509 *x=NULL;
 	X509_NAME *xn=NULL;
-	STACK_OF(X509_NAME) *ret,*sk;
+	STACK_OF(X509_NAME) *ret = NULL,*sk;
 
-	ret=sk_X509_NAME_new_null();
 	sk=sk_X509_NAME_new(xname_cmp);
 
 	in=BIO_new(BIO_s_file_internal());
 
-	if ((ret == NULL) || (sk == NULL) || (in == NULL))
+	if ((sk == NULL) || (in == NULL))
 		{
 		SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -636,6 +635,15 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 		{
 		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
 			break;
+		if (ret == NULL)
+			{
+			ret = sk_X509_NAME_new_null();
+			if (ret == NULL)
+				{
+				SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			}
 		if ((xn=X509_get_subject_name(x)) == NULL) goto err;
 		/* check for duplicates */
 		xn=X509_NAME_dup(xn);
@@ -658,6 +666,8 @@ err:
 	if (sk != NULL) sk_X509_NAME_free(sk);
 	if (in != NULL) BIO_free(in);
 	if (x != NULL) X509_free(x);
+	if (ret != NULL)
+		ERR_clear_error();
 	return(ret);
 	}
 #endif

test/Makefile

@@ -39,7 +39,7 @@ EXPTEST=	exptest
 IDEATEST=	ideatest
 SHATEST=	shatest
 SHA1TEST=	sha1test
-FIPS_SHA1TEST=	fips_sha1test
+FIPS_SHATEST=	fips_shatest
 MDC2TEST=	mdc2test
 RMDTEST=	rmdtest
 MD2TEST=	md2test
@@ -67,36 +67,40 @@ FIPS_AESTEST=	fips_aesavs
 FIPS_HMACTEST=	fips_hmactest
 FIPS_RSAVTEST=	fips_rsavtest
 FIPS_RSASTEST=	fips_rsastest
+FIPS_RSAGTEST=	fips_rsagtest
+FIPS_DSSVS=	fips_dssvs
+FIPS_RNGVS=	fips_rngvs
 
 TESTS=		alltests
 
 EXE=	$(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(EXE_EXT)  $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \
 	$(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
-	$(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHA1TEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
+	$(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHATEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
 	$(RANDTEST)$(EXE_EXT) $(FIPS_RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
 	$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
 	$(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \
 	$(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
-	$(FIPS_RSASTEST)$(EXE_EXT)
+	$(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
+	$(FIPS_DSSVS)$(EXE_EXT) $(FIPS_RNGVS)$(EXE_EXT)
 
 # $(METHTEST)$(EXE_EXT)
 
 OBJ=	$(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
 	$(HMACTEST).o \
 	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
-	$(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+	$(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHATEST).o $(MDC2TEST).o $(RMDTEST).o \
 	$(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
 	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \
 	$(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
-	$(FIPS_RSASTEST).o
+	$(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_DSSVS).o $(FIPS_RNGVS).o
 SRC=	$(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
 	$(HMACTEST).c \
 	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
-	$(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+	$(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHATEST).c $(MDC2TEST).c $(RMDTEST).c \
 	$(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
 	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \
 	$(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
-	$(FIPS_RSASTEST).c
+	$(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_DSSVS).c $(FIPS_RNGVS).c
 
 EXHEADER= 
 HEADER=	$(EXHEADER)
@@ -160,7 +164,7 @@ test_sha:
 	../util/shlib_wrap.sh ./$(SHATEST)
 	../util/shlib_wrap.sh ./$(SHA1TEST)
 	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-	  ../util/shlib_wrap.sh ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \
+	  ../util/shlib_wrap.sh ./$(FIPS_SHATEST) < SHAmix.req | diff -w SHAmix.fax - ; \
 	fi
 
 test_mdc2:
@@ -327,29 +331,31 @@ BUILD_CMD=if [ "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
 		$(CC) -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	fi;
 
-$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
-	@target=$(FIPS_AESTEST); $(BUILD_CMD)
+FIPS_BUILD_CMD=$(BUILD_CMD) \
 	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-	  TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_AESTEST); \
+	  TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $$target; \
 	fi
 
+$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
+	@target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
+
 $(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO)
-	@target=$(FIPS_HMACTEST); $(BUILD_CMD)
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-	  TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_HMACTEST); \
-	fi
+	@target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD)
 
 $(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO)
-	@target=$(FIPS_RSAVTEST); $(BUILD_CMD)
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-	  TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RSAVTEST); \
-	fi
+	@target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD)
 
 $(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO)
-	@target=$(FIPS_RSASTEST); $(BUILD_CMD)
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-	  TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RSASTEST); \
-	fi
+	@target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO)
+	@target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO)
+	@target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD)
+
+$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO)
+	@target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD)
 
 $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
 	@target=$(RSATEST); $(BUILD_CMD)
@@ -375,11 +381,8 @@ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
 $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
 	@target=$(SHA1TEST); $(BUILD_CMD)
 
-$(FIPS_SHA1TEST)$(EXE_EXT): $(FIPS_SHA1TEST).o $(DLIBCRYPTO)
-	@target=$(FIPS_SHA1TEST); $(BUILD_CMD)
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-	  TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_SHA1TEST); \
-	fi
+$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
+	@target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD)
 
 $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
 	@target=$(RMDTEST); $(BUILD_CMD)
@@ -415,19 +418,13 @@ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
 	@target=$(DESTEST); $(BUILD_CMD)
 
 $(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO)
-	@target=$(FIPS_DESTEST); $(BUILD_CMD)
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-	  TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DESTEST); \
-	fi
+	@target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD)
 
 $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
 	@target=$(RANDTEST); $(BUILD_CMD)
 
 $(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO)
-	@target=$(FIPS_RANDTEST); $(BUILD_CMD)
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-	  TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RANDTEST); \
-	fi
+	@target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD)
 
 $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
 	@target=$(DHTEST); $(BUILD_CMD)
@@ -436,10 +433,7 @@ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
 	@target=$(DSATEST); $(BUILD_CMD)
 
 $(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
-	@target=$(FIPS_DSATEST); $(BUILD_CMD)
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-	  TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DSATEST); \
-	fi
+	@target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD)
 
 $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
 	@target=$(METHTEST); $(BUILD_CMD)
@@ -687,13 +681,28 @@ fips_rsavtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 fips_rsavtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
 fips_rsavtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
 fips_rsavtest.o: ../include/openssl/x509v3.h fips_rsavtest.c
-fips_sha1test.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
-fips_sha1test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_sha1test.o: ../include/openssl/fips.h ../include/openssl/fips_sha.h
-fips_sha1test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-fips_sha1test.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-fips_sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_sha1test.o: fips_sha1test.c
+fips_shatest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+fips_shatest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+fips_shatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+fips_shatest.o: ../include/openssl/cast.h ../include/openssl/conf.h
+fips_shatest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_shatest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+fips_shatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_shatest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_shatest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+fips_shatest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+fips_shatest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+fips_shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips_shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+fips_shatest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+fips_shatest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+fips_shatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+fips_shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+fips_shatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+fips_shatest.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+fips_shatest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+fips_shatest.o: fips_shatest.c
 hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h

test/maketests.com

@@ -586,7 +586,7 @@ $ CCDEFS = "TCPIP_TYPE_''P3'"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!

util/checkhash.pl

@@ -16,7 +16,7 @@ sub check_hashes
 	my @args = @_;
 
 	my $change_dir = "";
-	my $check_program = "sha1/fips_standalone_sha1";
+	my $check_program = "sha/fips_standalone_sha1";
 
 	my $verbose = 0;
 	my $badfiles = 0;

util/libeay.num

@@ -2876,3 +2876,14 @@ EVP_sha256                              3315	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA
 FIPS_selftest_hmac                      3316	EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_corrupt_rng                        3317	EXIST:OPENSSL_FIPS:FUNCTION:
 BN_mod_exp_mont_consttime               3318	EXIST::FUNCTION:
+RSA_X931_hash_id                        3319	EXIST::FUNCTION:RSA
+RSA_padding_check_X931                  3320	EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS                    3321	EXIST::FUNCTION:RSA
+RSA_padding_add_X931                    3322	EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS               3323	EXIST::FUNCTION:RSA
+PKCS1_MGF1                              3324	EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq                    3325	EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_generate_key                   3326	EXIST:OPENSSL_FIPS:FUNCTION:RSA
+BN_X931_derive_prime                    3327	EXIST:OPENSSL_FIPS:FUNCTION:
+BN_X931_generate_prime                  3328	EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_derive                         3329	EXIST:OPENSSL_FIPS:FUNCTION:RSA

util/mkfiles.pl

@@ -59,7 +59,7 @@ my @dirs = (
 "fips/hmac",
 "fips/rand",
 "fips/rsa",
-"fips/sha1",
+"fips/sha",
 "ssl",
 "apps",
 "test",

util/selftest.pl

@@ -130,15 +130,21 @@ if (system("make 2>&1 | tee make.log") > 255) {
     goto err;
 }
 
-$_=$options;
-s/no-asm//;
-s/no-shared//;
-s/no-krb5//;
-if (/no-/)
-{
-    print OUT "Test skipped.\n";
-    goto err;
-}
+# Not sure why this is here.  The tests themselves can detect if their
+# particular feature isn't included, and should therefore skip themselves.
+# To skip *all* tests just because one algorithm isn't included is like
+# shooting mosquito with an elephant gun...
+#                   -- Richard Levitte, inspired by problem report 1089
+#
+#$_=$options;
+#s/no-asm//;
+#s/no-shared//;
+#s/no-krb5//;
+#if (/no-/)
+#{
+#    print OUT "Test skipped.\n";
+#    goto err;
+#}
 
 print "Running make test...\n";
 if (system("make test 2>&1 | tee maketest.log") > 255)